nexus-a1/commit
skills/commit/SKILL.md
Stage and commit changes with a conventional commit message. Runs pre-commit checks automatically. Optionally prefixes with a ticket number.
testing
Updated Apr 18, 2026
$ install --global
skillsauthnpx skillsauth add nexus-a1/claude-skills commitInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 18, 2026, 3:29 AM21.0s1 file scanned
SKILL.md
- name:
- commit
- category:
- release-management
- model:
- claude-haiku-4-5
- userInvocable:
- true
- description:
- Stage and commit changes with a conventional commit message. Runs pre-commit checks automatically. Optionally prefixes with a ticket number.
- argument-hint:
- [ticket-number]
- allowed-tools:
- Bash(git commit:*), Bash(git add:*), Bash(git reset:*), Bash(git status:*), Bash(git diff:*), Bash(git checkout:*), Bash(git branch:*), Bash(git log:*), Bash(./vendor/bin/php-cs-fixer:*), Bash(php-cs-fixer:*), Bash(test:*), Bash(which:*), AskUserQuestion
Git Commit Command
Context
Recent commits for reference: !git log --oneline -5 2>/dev/null || echo "No previous commits (this will be the first commit)"
Current branch: !git branch --show-current 2>/dev/null || echo "(not in a git repository)"
Your Task
Run everything inline — no agent delegation. The git-mutation-guard.sh PreToolUse hook runs the credential scan on staged files automatically at commit time; you do not need to scan separately.
1. Determine Ticket Number
Priority order (argument: $ARGUMENTS):
- From argument: If provided, validate against
[A-Z]+-[0-9]+. - From branch name: Extract with:
branch=$(git branch --show-current) ticket=$(echo "$branch" | grep -oE '[A-Z]+-[0-9]+' | head -1) - None: Only if the branch has no ticket pattern.
The ticket MUST appear in the commit message as [TICKET-123] (brackets, original casing).
2. Check Branch Safety
If on main or master, create a feature branch before committing:
git checkout -b feature/[ticket]-description
3. Run PHP CS Fixer (if available)
test -f ./vendor/bin/php-cs-fixer && ./vendor/bin/php-cs-fixer fix --dry-run --diff <modified-php-files>
Skip silently if not available or no PHP files modified.
4. Review Changes and Stage
Use compact flags — never plain git status / git diff:
git status --short
git diff --stat HEAD
Identify files to stage, excluding .env*, credentials.*, *.pem, *.key. For files whose content you need to understand for the commit message, fetch the full patch per-file:
git diff HEAD -- <file>
Stage explicitly:
git add <file1> <file2> ...
5. Author Commit Message
Format:
[TICKET-123] type(scope): short description
Optional body wrapped at 72 chars explaining the WHY.
Types: feat | fix | refactor | test | docs | chore | style | perf
Rules:
- Imperative mood, subject line ≤ 50 chars
- NO
Co-Authored-By, NOGenerated with Claude Code, NO AI attribution - One logical change per commit — if tempted to use "and", split it
6. Commit
git commit -m "$(cat <<'EOF'
[TICKET-123] type(scope): short description
Optional body.
EOF
)"
If the hook blocks the commit due to a credential-scan finding: surface the finding to the user verbatim (file:line — label, never the secret value). Ask whether it is a true leak or false positive. On confirmed false positive, re-run with GIT_AUTHORIZED=1 git commit … and include the reason in the commit body so the override is traceable. Never override silently.
7. Report Results
Show:
- Commit hash (from
git log -1 --format='%h') - Commit message subject line
- File count (from
git show --stat HEAD)
Important Notes
- Single message execution — complete all steps in one response.
- Branch safety — never commit directly to main/master.
- Clean messages — no AI attribution or footers.
- Do NOT push — user will push manually (the push hook requires a security-auditor confirmation).
Related Skills
nexus-a1/add-product-knowledge
development
VerifiedTrustedCommunity
Add a new entry to the product knowledge base. Wizard-guided — prompts for category, title, and content, then writes a structured markdown file and rebuilds the manifest.
SKILL.mdUpdated Apr 24, 2026
nexus-a1/work-status
data-ai
VerifiedTrustedCommunity
Show all active work sessions across brainstorms, requirements, proposals, and epics. Supports --update to advance lifecycle on one session and --sync to sweep them all.
SKILL.mdUpdated Apr 23, 2026
nexus-a1/update-documentation
documentation
VerifiedTrustedCommunity
Review and update project documentation using an agent team. Inventories docs, identifies gaps and drift, updates technical and API docs in parallel.
SKILL.mdUpdated Apr 17, 2026
nexus-a1/update-context
tools
VerifiedTrustedCommunity
Annotate an active work session with a note, scope change, or new finding. Auto-detects the active session, synthesizes the salient points of the current conversation, and appends a timestamped entry to state.json after a single target confirmation. Use mid-session when you learn something that should be preserved.
SKILL.mdUpdated Apr 17, 2026