mgiovani/git-sync
skills/git-sync/SKILL.md
Sync current branch with base branch using merge (default) or rebase. Handles fork sync, conflict detection, and stash management.
$ install --global
skillsauthnpx skillsauth add mgiovani/cc-arsenal git-syncInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 5:32 PM42.3s1 file scanned
SKILL.md
- name:
- git-sync
- description:
- Sync current branch with base branch using merge (default) or rebase. Handles fork sync, conflict detection, and stash management.
- author:
- mgiovani
- version:
- 1.0.0
- source:
- https://github.com/mgiovani/skills
- disable-model-invocation:
- true
- argument-hint:
- [--rebase] [--base main] [--upstream] [--stash]
Git Sync
Cross-Platform AI Agent Skill This skill works with any AI agent platform that supports the skills.sh standard.
Sync the current branch with its base or upstream branch. Defaults to merge to preserve history; rebase is opt-in only.
Anti-Hallucination Guidelines
CRITICAL: Only sync based on what git status and git log actually show:
- Read before acting — Run
git statusandgit branchbefore any sync operation - Verify branch state — Check commits ahead/behind before proposing a strategy
- Never force push main/master — Hard rule, no exceptions
- Confirm conflicts — Report exact conflicting files; do not guess
Workflow
Phase 1: Analyze State
Run the following to understand current branch state:
# Current branch and status
git branch --show-current
git status --porcelain
# Remote tracking info
git remote -v
git fetch --dry-run 2>&1 || true
# Commits ahead/behind base
git log --oneline HEAD..origin/main 2>/dev/null | head -20
git log --oneline origin/main..HEAD 2>/dev/null | head -20
Also check:
- Is working tree dirty? (uncommitted changes)
- Is branch pushed to remote? (
git log origin/<branch>..HEAD— if error, branch is local-only) - What is the base branch? (check PR info via
gh pr view --json baseRefName -q .baseRefName 2>/dev/nullor ask user)
Phase 2: Strategy Selection
Determine sync strategy:
Merge (default) — Use when:
- Branch has been pushed to remote (shared branches)
- User did not pass
--rebase - You are unsure
Rebase (opt-in) — Use only when:
- User explicitly passed
--rebase, OR - Branch is local-only (never pushed) and
--rebaseis passed
Fork sync (--upstream) — Use when:
- User wants to sync from upstream remote (fork workflow)
- Run:
git fetch upstream && git merge upstream/<base>
Display the detected state and proposed strategy clearly before proceeding:
Current branch: feature/my-feature
Base branch: main
Strategy: merge (default)
Commits behind: 5
Commits ahead: 2
Dirty tree: no
If user did not provide --base, infer base from:
gh pr view --json baseRefName(if GitHub CLI available)- Git config:
git config branch.<name>.merge - Fallback: ask with
AskUserQuestion
Phase 3: Pre-sync Safety
-
Handle dirty working tree:
- If
--stashflag: rungit stash push -m "git-sync auto-stash"before sync - If dirty tree without
--stash: abort with clear message asking user to commit, stash, or use--stash
- If
-
Fetch latest from remote:
git fetch origin # For fork sync: git fetch upstream -
Re-check divergence after fetch to report accurate numbers
Phase 4: Execute Sync
Merge strategy:
git merge origin/<base>
Rebase strategy (local-only branch):
git rebase origin/<base>
Rebase strategy (pushed branch — warn user first):
WARNING: This branch has been pushed to remote.
Rebasing will require a force-push, which rewrites history.
This is ONLY safe if no one else has pulled this branch.
Proceed? [y/N]
If yes:
git rebase origin/<base>
git push --force-with-lease origin <branch>
On merge/rebase conflict:
- Run
git diff --name-only --diff-filter=Uto list conflicting files - Report exact files with conflict markers
- Do NOT attempt to resolve conflicts automatically
- Offer two options:
- Continue: user resolves conflicts manually, then runs
git merge --continueorgit rebase --continue - Abort: run
git merge --abortorgit rebase --abort
- Continue: user resolves conflicts manually, then runs
Phase 5: Post-sync Report
After successful sync:
# Show new position
git log --oneline -5
git log --oneline origin/<base>..HEAD | wc -l
Report:
- New commit count ahead of base
- Whether force-push was used
- Whether stash was popped (
git stash popif--stashwas used) - Tip: mention
git rerereif conflicts were present
Pop stash if it was auto-stashed:
git stash pop
Argument Parsing
--rebase: Use rebase instead of merge--base <branch>: Specify the base branch (default: auto-detect)--upstream: Sync fromupstreamremote instead oforigin(fork workflow)--stash: Auto-stash dirty changes before sync, pop after
Important Notes
- NEVER force push to main/master — regardless of flags or user insistence
- Merge is safer for shared branches; only rebase local-only branches
--force-with-leaseinstead of--forceto prevent overwriting others' work- Conflicts require manual resolution — do not guess how to resolve them
- Fork workflow: requires
upstreamremote to be configured (git remote add upstream <url>)
Examples
# Sync with main using merge (default)
/git-sync
# Sync with develop branch
/git-sync --base develop
# Rebase onto main (local-only branch)
/git-sync --rebase
# Sync, stashing local changes first
/git-sync --stash
# Fork sync: pull upstream changes into your fork
/git-sync --upstream --base main
Related Skills
mgiovani/test-suite
development
VerifiedTrustedCommunity
Generate comprehensive test suites with coverage analysis and parallel test writing. Automatically activates when users want to write tests, add test coverage, generate test cases, improve testing, or analyze coverage gaps. Supports pytest, vitest, jest, and all major test frameworks.
3SKILL.mdUpdated Apr 22, 2026
mgiovani/team-review
development
VerifiedTrustedCommunity
Multi-agent PR review team orchestration with 7 specialized reviewers for security-sensitive or architectural PRs. Spawns architecture, security, performance, testing, style, docs/UX, and adversary reviewers as a coordinated team. Premium review for critical code changes.
3SKILL.mdUpdated Apr 22, 2026
mgiovani/team-implement
development
VerifiedTrustedCommunity
Spec-driven team orchestration: adaptive development team scaling from 3 to 11 agents based on complexity.
3SKILL.mdUpdated Apr 22, 2026
mgiovani/review-security
development
VerifiedTrustedCommunity
Perform comprehensive security review targeting OWASP Top 10 2025 vulnerabilities for PRs, commits, or entire codebases. This skill should be used when a user wants to audit code security, scan for vulnerabilities, review security posture, or check for OWASP compliance. Analysis only - identifies vulnerabilities without modifying code.
3SKILL.mdUpdated Apr 22, 2026