etylsarin/git-workflow
src/orchestrator/skills/git-workflow/SKILL.md
Defines branch naming conventions, PR template requirements, commit message format, discovered-issues escalation policy, and task tracking conventions. Load when committing, pushing, or opening PRs.
$ install --global
skillsauthnpx skillsauth add etylsarin/opencastle git-workflowInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 17, 2026, 3:09 AM290.8s1 file scanned
SKILL.md
- name:
- git-workflow
- description:
- Defines branch naming conventions, PR template requirements, commit message format, discovered-issues escalation policy, and task tracking conventions. Load when committing, pushing, or opening PRs.
Git Workflow & Delivery
NEVER push directly to main. All changes go through a feature/fix branch → PR.
Branch & Commit Rules
| Rule | Detail |
|------|--------|
| Branch from main | git checkout -b <type>/<ticket-id>-<slug> |
| Types | fix, feat, chore, refactor, perf, docs |
| Commit messages | Must reference issue ID — TAS-42: Fix token refresh |
| No force-push | Never --force or --amend on shared branches; --force-with-lease on personal only |
| No secrets | No tokens/keys in commits, PR descriptions, or output (rotate immediately if leaked) |
Delivery Checklist (Every Task)
- Branch
<type>/<ticket-id>-<slug>frommain - Atomic commits referencing issue ID
- Push branch to origin
- Open PR (do NOT merge) — write the body to a temp file first, then use
--body-file:
Never use inline# Write PR body to a temp file to avoid shell escaping issues cat > /tmp/pr-body.md << 'EOF' Resolves TAS-XX ## Changes - ... EOF GH_PAGER=cat gh pr create --base main --title "TAS-XX: Short description" --body-file /tmp/pr-body.md--bodywith markdown/backticks/special chars — it breaks in zsh heredocs and quoted strings. - Update issue with PR URL
Discovered Issues Policy
Inherits: discovered-issues-policy
Task Tracking
Tracked in the task tracker (tracker-config.md). Team Lead creates/updates issues via MCP. Load task-management skill for conventions.
If MCP tools unavailable: Document planned issues (title + AC) in output, use "N/A" (no tracker) or "TAS-PENDING" (tracker configured), proceed with work, update IDs when available.
Related Skills
etylsarin/validation-gates
development
VerifiedTrustedCommunity
Defines 10 sequential validation gates: secret scanning, lint/test/build checks, blast radius analysis, dependency auditing, browser testing, cache management, regression checks, and smoke tests. Use when running pre-deploy validation or CI checks, CI/CD pipelines, deployment pipeline validation, pre-merge checks, continuous integration, or pull request validation.
44SKILL.mdUpdated May 17, 2026
etylsarin/testing-workflow
development
VerifiedTrustedCommunity
Generates test plans, writes unit/integration/E2E test files, identifies coverage gaps, and flags common testing anti-patterns. Use when writing tests, creating test suites, planning test strategies, mocking dependencies, measuring code coverage, or test planning.
44SKILL.mdUpdated May 17, 2026
etylsarin/team-lead-reference
development
VerifiedTrustedCommunity
Provides model routing rules, validates delegation prerequisites, supplies cost tracking templates, and defines dead-letter queue formats for Team Lead orchestration. Load when assigning tasks to agents, choosing model tiers, starting a delegation session, running a multi-agent workflow, delegating work, choosing which model to use, or assigning tasks.
44SKILL.mdUpdated May 17, 2026
etylsarin/session-checkpoints
testing
VerifiedTrustedCommunity
Saves and restores session state including task progress, file changes, and delegation history. Use when saving progress, resuming interrupted work, picking up where you left off, or checkpointing current work.
44SKILL.mdUpdated May 17, 2026