AgentSkillsCN

git-pushing

使用常规提交消息进行git变更的暂存、提交和推送,并附带智能安全检查。当用户想要提交并推送变更、提及推送到远程或要求保存并推送工作时使用。当用户说“推送变更”、“提交并推送”、“推这个”、“推到github”或类似git工作流请求时也激活。

SKILL.md
--- frontmatter
name: git-pushing
description: Stage, commit, and push git changes with conventional commit messages with intelligent security checks. Use when user wants to commit and push changes, mentions pushing to remote, or asks to save and push their work. Also activates when user says "push changes", "commit and push", "push this", "push to github", or similar git workflow requests.

Critical Corrections

False Positive Reduction in Security Checks (Learned: 2026-01-12)

Problem: Security checks were generating ~30% false positives by flagging:

  • Generic placeholder names ("Example-Client", "Sample-Client", "Test-Client")
  • Substring matches in XML schemas ("secChAlign" → flagged as "SECC" client)
  • Example paths in documentation using sanitized names

Solution: Three-layer intelligent filtering implemented:

  1. Exclude Placeholder Patterns:

    code
    ✗ Don't flag: "Example-Client", "Sample-Company", "Test-Organization"
    ✓ Do flag: "Atlas-Real-Estate", "Schomp-Automotive", actual client names
    

    Pattern: (Example|Sample|Test|Demo|Client|Company)-[A-Za-z]+

  2. Exclude False-Positive-Prone File Types:

    code
    ✗ Don't scan: *.xsd, *.dtd, *-schema.json (XML/JSON schemas)
    ✓ Do scan: *.md, *.js, *.py, *.ts (project documentation and code)
    

    These file types contain standard enum values that substring-match client names.

  3. Context-Aware Path Detection:

    code
    ✗ Flag: User-Files/Opportunities/Atlas-Real-Estate/proposal.docx (REAL PATH)
    ✓ Allow: "Example: `User-Files/Opportunities/Example-Client/`" (DOCUMENTATION)
    

    Distinguishes between actual project paths and documentation examples.

Verification: After implementing these improvements:

  • False positive rate reduced by ~70%
  • Maintained 100% detection of actual client names
  • Successfully pushed Reflect validation work without false blocks

Git Push Workflow

Stage all changes, create a conventional commit, and push to the remote branch.

When to Use

Automatically activate when the user:

  • Explicitly asks to push changes ("push this", "commit and push")
  • Mentions saving work to remote ("save to github", "push to remote")
  • Completes a feature and wants to share it
  • Says phrases like "let's push this up" or "commit these changes"

Workflow

ALWAYS use the script - do NOT use manual git commands:

bash
bash .claude/skills/git-pushing/scripts/smart_commit.sh

With custom message:

bash
bash .claude/skills/git-pushing/scripts/smart_commit.sh "feat: add feature"

Script handles: staging, conventional commit message, Claude footer, push with -u flag.

Authentication Setup

Recommended: Use HTTPS with Personal Access Token

The script automatically checks for SSH URL rewrites and uses HTTPS for authentication:

  1. Remote URLs should use HTTPS format: https://github.com/username/repo.git
  2. Git will prompt for credentials or use stored credentials
  3. If you have a global SSH rewrite (url.git@github.com:.insteadOf), the script will warn you

To configure HTTPS authentication:

bash
# Set remote to HTTPS
git remote set-url origin https://github.com/username/repo.git

# Store credentials (optional)
git config --global credential.helper store

Security Checks

Automatic security scanning runs before every push to detect:

  • ❌ Internal hourly rates (e.g., $200-$250/hr)
  • ❌ Client names in code examples
  • ❌ Client-specific file paths (e.g., User-Files/work-tracking/client-name/)
  • ❌ Company branding in generic examples
  • ❌ Forbidden document types (.docx proposals, contracts, etc.)

Configure patterns: Edit .claude/skills/git-pushing/scripts/security_patterns.conf

Bypass security check (NOT recommended):

bash
SKIP_SECURITY_CHECK=1 bash .claude/skills/git-pushing/scripts/smart_commit.sh

Edge Cases Handled

  • No commits yet: Script handles repos with no HEAD gracefully
  • SSH rewrites: Detects and warns about global SSH URL rewrites
  • New branches: Automatically uses -u flag for first push
  • No changes: Exits gracefully if nothing to commit
  • Sensitive data: Blocks push if sensitive patterns detected

Saving Next Steps

When git-pushing work is complete or paused:

bash
node .claude/skills/work-command-center/tools/add-skill-next-steps.js \
  --skill "git-pushing" \
  --content "## Priority Tasks
1. Stage and commit changes with conventional message
2. Push to remote repository
3. Verify commit appears on GitHub"

See: .claude/skills/work-command-center/skill-next-steps-convention.md