aedelon/commit-message
skills/commit-message/SKILL.md
Ship workflow: review changes, generate conventional commit messages, push, and create PRs. MUST BE USED when user says: "commit", "git commit", "commit this", "save changes", "commit message", "ship", "ship it", "push", "create PR", "pull request", "ready to merge", "deploy this", "stage changes", "what changed", "review my changes", "conventional commit", or after completing a coding task. Reviews changes, generates commit, optionally pushes and creates PR. NOT for git branching/rebasing (use git-workflow), code review (use review command), or deployment configuration (use deployment-assistant).
$ install --global
skillsauthnpx skillsauth add aedelon/claude-code-blueprint commit-messageInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 29, 2026, 12:17 PM36.8s1 file scanned
SKILL.md
- name:
- commit-message
- description:
- |-
- Ship workflow:
- review changes, generate conventional commit messages, push, and create PRs.
- MUST BE USED when user says:
- commit", "git commit", "commit this", "save changes", "commit message",
Ship Workflow
Overview
Complete shipping pipeline: review changes -> commit -> push -> PR (each step confirmed).
Process
Phase 1: REVIEW -> git status + diff, understand all changes
Phase 2: COMMIT -> Generate conventional commit message, confirm, commit
Phase 3: PUSH -> Push to remote (if requested)
Phase 4: PR -> Create PR with summary (if requested)
Phase 1: Review Changes
Before generating a commit message:
# 1. Check what's staged and untracked
git status
# 2. Review changes (staged + unstaged)
git diff --cached
git diff
# 3. Check recent commit style
git log --oneline -5
Review Checklist
- Are all intended files staged?
- Are there files that should NOT be committed? (.env, large binaries, etc.)
- Do changes make sense as a single commit or should they be split?
Format (Conventional Commits)
<type>(<scope>): <subject>
<body>
<footer>
Types
| Type | Usage | Example |
|------|-------|---------|
| feat | New feature | feat(auth): add OAuth2 login |
| fix | Bug fix | fix(api): handle null response |
| docs | Documentation only | docs(readme): update installation |
| style | Formatting, no logic | style: format with prettier |
| refactor | Code restructure | refactor(utils): extract helper |
| perf | Performance | perf(query): add index |
| test | Tests | test(auth): add login tests |
| chore | Maintenance | chore(deps): update packages |
| ci | CI/CD | ci: add GitHub Actions |
| build | Build system | build: update webpack config |
Rules
Subject Line (First Line)
- Max 50 characters
- Imperative mood: "Add" not "Added" or "Adds"
- No period at end
- Capitalize first letter
- Be specific: "fix login button" > "fix bug"
Scope (Optional)
- Component, module, or feature affected
- Lowercase, short
- Examples:
auth,api,ui,config,deps
Body (Optional)
- Wrap at 72 characters
- Explain "what" and "why", not "how"
- Separate from subject with blank line
- Use bullet points for multiple changes
Footer (Required)
- Always include Claude attribution
- Reference issues if applicable:
Closes #123 - Note breaking changes:
BREAKING CHANGE: ...
Template
<type>(<scope>): <description>
<optional body explaining why this change was made>
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
Git Command Format
Use HEREDOC for proper formatting:
git commit -m "$(cat <<'EOF'
feat(auth): add password reset flow
Implement forgot password functionality with email verification.
Users can now reset their password via a secure token sent by email.
Closes #42
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
EOF
)"
Examples
Simple Fix
fix(button): correct hover state color
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
Feature with Explanation
feat(search): add fuzzy matching
Implement Levenshtein distance for typo-tolerant search.
This improves UX when users mistype search queries.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
Breaking Change
feat(api)!: change response format to JSON:API
BREAKING CHANGE: API responses now follow JSON:API specification.
All clients must update their parsers.
Migration guide: docs/migration-v2.md
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
Anti-Patterns (Avoid)
❌ "fix stuff"
❌ "update code"
❌ "WIP"
❌ "misc changes"
❌ "asdf" (obviously)
❌ "Fixed the thing that was broken"
❌ Subject longer than 50 chars.....................
Post-Commit Verification
After committing:
# Verify commit was created
git log -1
# Check nothing was missed
git status
Phase 3: Push (Optional)
If user confirms push:
# Push to remote
git push origin HEAD
# If no upstream, set it
git push -u origin HEAD
Always confirm before pushing. Show which remote and branch.
Phase 4: Create PR (Optional)
If user wants a PR:
gh pr create --title "<title>" --body "$(cat <<'EOF'
## Summary
- [bullet points of changes]
## Test Plan
- [how to verify changes]
Generated with [Claude Code](https://claude.com/claude-code)
EOF
)"
PR Title Rules
- Max 70 characters
- Same format as commit subject:
type(scope): description - Use the body for details, not the title
PR Body Template
## Summary
[1-3 bullet points describing what changed and why]
## Test Plan
- [ ] [Steps to verify the changes work]
## Related Issues
Closes #[number] (if applicable)
Always confirm PR title and body before creating. Return the PR URL when done.
Related Skills
aedelon/uv-workflow
tools
VerifiedTrustedCommunity
Master uv package manager for Python: project setup, dependency management, virtual environments, lockfiles, CI/CD integration, Docker builds, and migration from pip/poetry. MUST BE USED when user mentions: "uv", "uv add", "uv run", "uv sync", "uv init", "uv lock", "uv venv", "uv pip", "pyproject.toml", "python project setup", "python dependencies", "virtual environment", "venv", "pip install", "poetry to uv", "migrate from pip", "lockfile python", "requirements.txt", "setup.py", "pip freeze", "uv tool", "install package", "add dependency", "python environment", "new python project", "package manager python", "create project", "uv export", "uv cache", "uv python". 10-100x faster than pip. Covers init, add, sync, lock, run, Docker, CI/CD. NOT for npm/pnpm/yarn (JS toolchain), Rust cargo, or deployment (use deployment-assistant).
53SKILL.mdUpdated Mar 27, 2026
aedelon/security-audit
development
VerifiedTrustedCommunity
Proactive security audit: OWASP top 10, dependency vulnerabilities, secrets detection, input validation, auth patterns, and secure defaults. MUST BE USED when user mentions: "security", "vulnerability", "audit", "OWASP", "CVE", "security review", "pentest", "injection", "XSS", "CSRF", "authentication", "authorization", "secrets", "hardcoded password", "secure", "npm audit", "pip-audit", "check security", "is this secure", "security risk", "data leak", "SQL injection", "command injection", "path traversal", "SSRF", "RCE", "privilege escalation", "supply chain", "dependency scan", "snyk", "trivy", "semgrep", "bandit". Scans code for vulnerabilities, checks dependencies, verifies auth patterns. NOT for explaining security concepts (use pedagogical-explain), or general code review (use code-review).
53SKILL.mdUpdated Mar 27, 2026
aedelon/research-protocol
development
VerifiedTrustedCommunity
Conduct rigorous research with proper citations (DOI, arXiv, PMID) and source triangulation. MUST BE USED when user asks: "what is SOTA", "recent developments", "compare X vs Y", "is it true that", "research says", "latest papers on", "scientific evidence", "studies show", "state of the art", "literature review", "find papers", "academic research", "benchmark results", "who published", "when was X released", "current best", "what does the research say", "evidence for", "peer reviewed". Searches multiple sources, evaluates reliability, states confidence level. NOT for verifying API signatures (use anti-hallucination) or general web search (use WebSearch directly).
53SKILL.mdUpdated Mar 27, 2026
aedelon/core-protocols
development
VerifiedTrustedCommunity
Debug errors systematically by searching first, then analyzing, then proposing verified solutions. MUST BE USED when user reports: "error", "bug", "doesn't work", "fails", "crash", stack traces, exception messages, or any troubleshooting scenario. Triggers: "TypeError", "ImportError", "undefined is not a function", "segfault", "panic", "broken", "not working", "unexpected behavior", "regression", "failing", "exception", "traceback", "stack trace", "debug this", "why does this fail", "help me fix". Also enforces confidence levels and output templates. Prevents guessing solutions without research.
53SKILL.mdUpdated Mar 27, 2026