Safely create git commits with an agent tag prefix (e.g. [ANTIGRAVITY], [CODEX], [CLAUDE]), security validation, and proper user config. Use when committing code changes, creating commits, or when user says "commit", "save changes", or "git commit".
Ensures all git commits follow security best practices with automatic validation for sensitive data. Uses --author parameter to avoid modifying .git/config.
# Show all modified files
git status --short
# Review staged changes in detail
git diff --cached
Codex MUST manually review the diff output and verify:
# Stage specific files modified in current task
git add file1.php
git add file2.tsx
NEVER use:
git add . - Too broad
git add -A - Stages everything
git add * - Uncontrolled
# Automated security checks
bash .claude/skills/safe-commit/scripts/validate.sh
Script checks for common patterns (but Codex's manual review in Step 1 is still required).
Option A: Using Helper Script (Recommended)
bash .claude/skills/safe-commit/scripts/commit.sh \
"feat(feature): brief description" \
"- Detailed change 1
- Detailed change 2
- Detailed change 3"
You can set the commit author name with AGENT_NAME (default: Codex) and commit tag with AGENT_TAG (default derived from AGENT_NAME, e.g. AntiGravity → ANTIGRAVITY):
AGENT_NAME=AntiGravity AGENT_TAG=ANTIGRAVITY bash .claude/skills/safe-commit/scripts/commit.sh \
"docs(git): [ANTIGRAVITY] update safe-commit author/tag" \
"- Allow configurable commit author via AGENT_NAME\n- Allow configurable commit tag via AGENT_TAG"
Option B: Manual Commit
USER_EMAIL=$(git config user.email)
# Blank lines separate subject, body and trailer; without them git folds the body into the subject
git commit --author="AntiGravity <$USER_EMAIL>" -m "type(scope): [ANTIGRAVITY] description

- Change details

Co-Authored-By: AntiGravity <[email protected]>"
# Check author and message
git log -1 --format='%an: %s'
# Expected: AntiGravity: type(scope): [ANTIGRAVITY] description
The validate.sh script performs basic pattern matching:
Before committing, Codex MUST manually review git diff --cached and check:
❌ MUST NOT include:
API Keys/Tokens/Secrets
Absolute File Paths (Context-dependent)
/home/username/...)
/root/liveserver2024/..., /var/www/official-en-aia/...)
Private Domains/Internal URLs (Context-dependent)
example.com, test.example.com)
internal-api.company.local, 10.0.0.5)
.env File Values
DB_HOST=, API_KEY=)
DB_PASSWORD=secret123)
Database Credentials
Other Sensitive Data
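A regex pass over the added lines of a staged diff, covering the categories listed above. This is an added example, not the project's validate.sh; the patterns, the names `scan_diff`, `_check` and `sample_diff`, and the sample diff are assumptions constructed for illustration. It reports category and line number only, so the scanner's output does not repeat the secret it found.

```shell
#!/bin/sh
# Added example (not the project's validate.sh). Patterns are illustrative
# assumptions derived from the categories listed above.

# _check CATEGORY REGEX: report which added lines match REGEX.
# Prints the category and line number only, never the matched text.
_check() {
  _hits=$(printf '%s\n' "$_added" | grep -En -e "$2" | cut -d: -f1) || true
  [ -n "$_hits" ] || return 0
  for _n in $_hits; do printf '[%s] added line %s\n' "$1" "$_n"; done
  _rc=1
}

# scan_diff: read a unified diff on stdin; return 1 if a violation is found
# (commit blocked), 0 if all checks passed.
scan_diff() {
  # Keep only added lines; drop the "+++ b/file" headers.
  _added=$(sed -n '/^+++ /d; s/^+//p')
  _rc=0
  _check private-key '-----BEGIN [A-Z ]*PRIVATE KEY-----'
  # KEY= with an empty value is a placeholder; a non-empty value is flagged.
  _check env-value '(^|[^A-Za-z0-9_])[A-Z0-9_]*(PASSWORD|SECRET|TOKEN|KEY)[[:space:]]*=[[:space:]]*[^[:space:]]'
  _check private-ip '(^|[^0-9.])(10\.[0-9]{1,3}|192\.168|172\.(1[6-9]|2[0-9]|3[01]))(\.[0-9]{1,3}){2}([^0-9]|$)'
  _check internal-host '[A-Za-z0-9-]+\.(local|internal)([^A-Za-z0-9.-]|$)'
  _check abs-path '(^|[^A-Za-z0-9_./])/(root|var/www)/[A-Za-z0-9._-]+'
  return "$_rc"
}

# Constructed sample diff, reusing the example values from the list above.
sample_diff() {
  cat <<'EOF'
diff --git a/.env.example b/.env.example
--- a/.env.example
+++ b/.env.example
@@ -1,2 +1,5 @@
 APP_NAME=demo
-OLD_TOKEN=abc123
+DB_HOST=
+DB_PASSWORD=secret123
+API_URL=http://internal-api.company.local/v1
+CACHE_DIR=/var/www/official-en-aia/storage
EOF
}

sample_diff | scan_diff || echo "commit blocked"
```

Against a real repository the input would be `git diff --cached | scan_diff`. Regex hits are heuristics, so the manual review of the staged diff still applies.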
✅ MUST include:
[$AGENT_TAG] tag in description: type(scope): [$AGENT_TAG] description
Co-Authored-By: <AgentName> <[email protected]> footer
--author="<AgentName> <email>" parameter (does NOT modify .git/config)
| Type | Usage |
|---|---|
| feat | New feature |
| fix | Bug fix |
| refactor | Code restructuring |
| style | CSS/formatting changes |
| docs | Documentation updates |
| test | Test additions |
| chore | Build process, dependencies |
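A checker for the message rules above (type from the table, `[$AGENT_TAG]` after `type(scope):`, Co-Authored-By footer). This is an added example, not the project's commit.sh; the names `check_commit_msg`, `good_msg` and `bad_msg`, the sample messages and the address `agent@example.invalid` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not the project's commit.sh). agent@example.invalid is a
# constructed placeholder address.

# check_commit_msg TAG: read a commit message on stdin, print every rule it
# breaks, and return 1 if any rule is broken.
check_commit_msg() {
  _tag=$1; _bad=0
  # Refuse tags that would change the meaning of the regex below.
  case $_tag in ''|*[!A-Z0-9_]*) echo "invalid tag"; return 1 ;; esac
  _msg=$(cat)
  # Subject: type(scope): [TAG] description, with a type from the table above.
  printf '%s\n' "$_msg" | sed -n '1p' |
    grep -Eq "^(feat|fix|refactor|style|docs|test|chore)\([a-z0-9_-]+\): \[$_tag\] [^ ]" ||
    { echo "subject must be: type(scope): [$_tag] description"; _bad=1; }
  # Line 2 must be blank, or git folds the body lines into the subject.
  [ -z "$(printf '%s\n' "$_msg" | sed -n '2p')" ] ||
    { echo "line 2 must be blank"; _bad=1; }
  # Trailers are only read from the last paragraph of the message.
  printf '%s\n' "$_msg" | awk 'BEGIN { RS = "" } { last = $0 } END { print last }' |
    grep -Eq '^Co-Authored-By: [^<]+ <[^>]+>$' ||
    { echo "Co-Authored-By trailer missing from final paragraph"; _bad=1; }
  return "$_bad"
}

# Constructed messages: one following the rules, one with the tag ahead of
# the type and no trailer.
good_msg() {
  printf '%s\n' 'feat(news): [CODEX] add news listing page with filters' '' \
    '- Implement NewsController with pagination' '' \
    'Co-Authored-By: Codex <agent@example.invalid>'
}
bad_msg() {
  printf '%s\n' '[CODEX] fix(cache): resolve response cache not clearing' '' \
    '- Update cache configuration'
}

good_msg | check_commit_msg CODEX && echo "good_msg: ok"
bad_msg  | check_commit_msg CODEX || echo "bad_msg: rejected"
```

After a commit, the same check can be run on the stored message with `git log -1 --format='%B' | check_commit_msg "$AGENT_TAG"`.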
# Feature commit
git add app/Http/Controllers/NewsController.php resources/js/pages/news.tsx
bash .claude/skills/safe-commit/scripts/commit.sh \
"feat(news): [$AGENT_TAG] add news listing page with filters" \
"- Implement NewsController with pagination
- Create React news page component
- Add PostResource for data formatting"
# Bug fix commit
git add laravel/config/cache.php
bash .claude/skills/safe-commit/scripts/commit.sh \
"fix(cache): [$AGENT_TAG] resolve response cache not clearing" \
"- Update cache configuration
- Add cache clear to deployment workflow"
The validate.sh script performs these checks:
When enabled, uses Codex CLI for intelligent sensitive data detection:
Environment Variables:
| Variable | Values | Description |
|---|---|---|
| USE_AI_VALIDATION | 1 (default if codex installed), 0 | Enable/disable AI validation |
| AI_VALIDATOR | codex (default), gemini, copilot | Which AI tool to use |
| MAX_DIFF_SIZE | 51200 (default) | Max diff size in bytes for AI validation |
Usage Examples:
# Use Codex for AI validation (default)
USE_AI_VALIDATION=1 bash .claude/skills/safe-commit/scripts/validate.sh
# Use Gemini for AI validation
AI_VALIDATOR=gemini bash .claude/skills/safe-commit/scripts/validate.sh
# Use GitHub Copilot for AI validation
AI_VALIDATOR=copilot bash .claude/skills/safe-commit/scripts/validate.sh
# Disable AI validation (regex only, faster)
USE_AI_VALIDATION=0 bash .claude/skills/safe-commit/scripts/validate.sh
# Set max diff size for AI validation (default 50KB)
MAX_DIFF_SIZE=102400 bash .claude/skills/safe-commit/scripts/validate.sh
AI Validation Features:
codex exec --sandbox read-only for secure execution
Exit codes:
0: All checks passed
1: Security violation found (commit blocked)
After committing, verify:
# Check author name
git log -1 --format='%an'
# Expected: Codex (or $AGENT_NAME)
# Check commit message
git log -1 --format='%s'
# Expected: type(scope): [$AGENT_TAG] description
# View full commit
git log -1 --format='%B'
This skill handles commits ONLY. Do NOT:
git push) - User must do manually
git pull) - User must do manually
git merge) - User must do manually
git rebase) - User must do manually
.git/config - Use --author parameter instead
For more details, see:
AGENTS.md - Project-wide git commit policy
This skill implements the Git Commit Policy defined in AGENTS.md (Git Commit Policy section).
✅ Commit created with [$AGENT_TAG] tag in description
✅ Author name matches $AGENT_NAME (default: Codex)
✅ Security validation passed
✅ Only relevant files staged
✅ Conventional commit format maintained (type at start)
✅ Co-Authored-By footer present
✅ .git/config NOT modified