acedergren/quality-commit
skills/quality-commit/SKILL.md
Use when committing code changes. Runs lint, typecheck, Semgrep security scan, optional CodeRabbit review, and related tests before creating a quality-gated commit. Flags: --review, --push, --dry-run, --message. Keywords: commit, quality gates, lint, typecheck, semgrep, coderabbit, stage, push.
$ install --global
skillsauthnpx skillsauth add acedergren/agentic-tools quality-commitInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
4 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
4
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 7, 2026, 8:59 AM64.1s1 file scanned
SKILL.md
- name:
- quality-commit
- description:
- Use when committing code changes. Runs lint, typecheck, Semgrep security scan, optional CodeRabbit review, and related tests before creating a quality-gated commit. Flags: --review, --push, --dry-run, --message. Keywords: commit, quality gates, lint, typecheck, semgrep, coderabbit, stage, push.
Quality Commit
Run all quality gates on staged changes, then commit. Replaces manual multi-step commit prep that frequently causes pre-commit hook friction.
NEVER
- Never run
git add .orgit add -A— always stage specific files by name. - Never commit after partial gate failures by bypassing hooks — gates exist for correctness.
- Never let optional tools (CodeRabbit, Semgrep) block the workflow when not installed — skip with warning.
- Never widen scope to unrelated repo cleanup during commit prep.
- Never attempt to auto-fix gate failures and retry — report errors, let the agent fix first.
Decision: What Gates to Run
Has staged files?
├─ No → Print warning, exit
└─ Yes →
├─ Always: Lint → TypeCheck → Semgrep → Tests → Commit
├─ --review or --full: Add CodeRabbit (slow, ~30s) before commit
└─ --push: After commit, Semgrep committed files, push to remote
Gate Execution
Scope detection
STAGED=$(git diff --cached --name-only --diff-filter=ACMR)
bash scripts/classify-staged-files.sh # categorizes into frontend/api/shared
Semgrep: file-at-a-time (critical workaround)
Semgrep 1.146.0+ crashes with multiple file arguments (Invalid_argument: invalid path). Always loop:
for f in $STAGED_FILES; do
semgrep scan --config auto --json "$f" 2>/dev/null || true
done
Block on critical/high findings. Warn on medium/low. Skip if not installed.
TypeCheck workspace commands
- frontend:
npx svelte-check --tsconfig ./tsconfig.json --threshold error(11 pre-existing errors in test files are known baseline — ignore) - api:
npx tsc --noEmit - shared:
npx tsc --noEmit
Related test discovery
node scripts/find-related-tests.js <staged-file>
# src/lib/server/auth/rbac.ts → src/lib/server/auth/rbac.test.ts
Run discovered tests: npx vitest run <test-files> --reporter=verbose
Commit message format
type(scope): description
Co-Authored-By: Claude Opus 4.6 <[email protected]>
Types: feat, fix, refactor, test, docs, chore
Scopes: security, phaseX.Y, api, frontend, database, auth, workflows
Push flow (--push only)
- Re-run Semgrep on committed files (same file-at-a-time loop, use
git diff --name-only HEAD~1) - Detect upstream:
git rev-parse --abbrev-ref @{u} 2>/dev/null - If no upstream:
git push -u origin $BRANCH, elsegit push - Abort push on critical/high Semgrep findings — commit stays intact, do NOT undo it
Summary table
| Gate | Status | Details |
|------------|--------|----------------------------|
| Lint | PASS | 5 files, 0 errors |
| TypeCheck | PASS | api + frontend |
| Semgrep | PASS | 0 findings |
| CodeRabbit | SKIP | (use --review to enable) |
| Tests | PASS | 3 test files, 12 tests |
| Commit | DONE | abc1234 |
| Push | SKIP | (use --push to enable) |
Arguments
- (empty): lint + typecheck + semgrep + tests + commit
--review/--full: Add CodeRabbit review--dry-run: Run all gates, skip actual commit and push--push: Commit then semgrep + push to remote--message "...": Use custom commit message
Related Skills
acedergren/skills/api-audit
development
VerifiedTrustedCommunity
--- name: api-audit description: "Use when auditing API routes for schema drift, missing auth, or validation gaps. Scans routes against shared TypeScript types to find mismatches, missing middleware, and undocumented endpoints. Read-only — produces a severity-grouped report. Keywords: audit routes, schema drift, auth gaps, missing validation, type mismatch, orphaned schemas. Triggers on "audit API routes" or "find schema drift"." --- # API Route & Type Audit Skill ## When to Use Load this skil
14SKILL.mdUpdated Mar 26, 2026
acedergren/write-natural-swedish
development
VerifiedTrustedCommunity
Use when drafting, translating, polishing, or reviewing Swedish text so it sounds natural, fluent, contemporary, and appropriate for its audience. Triggers include "write better Swedish", "make this sound natural in Swedish", "translate into Swedish", "polish this Swedish", "tech company Swedish", "contemporary Swedish words", "Swedish developer docs", and "avoid Anglicisms".
13SKILL.mdUpdated May 13, 2026
acedergren/shadcn-svelte
development
VerifiedTrustedCommunity
Use when working with shadcn-svelte components, TanStack Table in Svelte 5, or Tailwind v4.1. Covers non-obvious reactivity bugs, library selection trade-offs, and migration pitfalls not in the official docs. Keywords: shadcn-svelte, TanStack Table, Tailwind v4.1, Svelte 5 runes, bits-ui, superforms, data table, svelte-check.
13SKILL.mdUpdated Mar 26, 2026
acedergren/oracle-idcs-org-provisioning
data-ai
VerifiedTrustedCommunity
Use when mapping IDCS claims to org membership after OAuth login succeeds. Covers mapProfileToUser, session.create.before, session.create.after hooks, MERGE INTO upserts, tenant-org mapping, and first-admin bootstrap. Keywords: IDCS groups, org_members, provisioning, session hooks, tenant map, MERGE INTO.
13SKILL.mdUpdated Mar 26, 2026