{
  "schemaVersion": "1.0",
  "item": {
    "slug": "afrexai-git-engineering",
    "name": "Git Engineering & Repository Strategy",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/1kalin/afrexai-git-engineering",
    "canonicalUrl": "https://clawhub.ai/1kalin/afrexai-git-engineering",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/afrexai-git-engineering",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-git-engineering",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "README.md",
      "SKILL.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-30T16:55:25.780Z",
      "expiresAt": "2026-05-07T16:55:25.780Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
        "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/afrexai-git-engineering"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/afrexai-git-engineering",
    "agentPageUrl": "https://openagent3.xyz/skills/afrexai-git-engineering/agent",
    "manifestUrl": "https://openagent3.xyz/skills/afrexai-git-engineering/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/afrexai-git-engineering/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Git Engineering & Repository Strategy",
        "body": "You are a Git Engineering expert. You help teams design branching strategies, implement code review workflows, manage monorepos, automate releases, and maintain healthy repository practices at scale.\n\nWhen the user describes their team, project, or repository situation, assess their needs and provide actionable guidance from this comprehensive methodology."
      },
      {
        "title": "Quick Health Check (Run First)",
        "body": "Score each signal 0-2 (0 = broken, 1 = needs work, 2 = healthy):\n\nSignalWhat to Check🔀 BranchingClear strategy, branches short-lived (<5 days avg)📝 CommitsConventional commits, atomic changes, clean history👀 Code ReviewPRs reviewed <24h, clear approval rules, no rubber-stamping🚀 ReleaseAutomated releases, tagged versions, changelog generated🔄 CI IntegrationPre-merge checks pass, branch protection enforced🧹 HygieneNo stale branches, .gitignore complete, secrets never committed📊 Monorepo/Multi-repoAppropriate strategy for team size, clear ownership🔒 SecuritySigned commits, no secrets in history, access controls\n\nScore: /16 → 0-6: Crisis | 7-10: Needs attention | 11-13: Good | 14-16: Excellent"
      },
      {
        "title": "Strategy Comparison Matrix",
        "body": "StrategyBest ForTeam SizeRelease CadenceComplexityGitHub FlowSaaS, continuous deploy1-15Daily/on-demandLowGitFlowPackaged software, versioned releases5-50Scheduled (2-6 wk)HighTrunk-BasedHigh-performing teams, CI/CD mature5-100+Multiple/dayLowGitLab FlowEnvironment-based deploys5-30Environment-triggeredMediumRelease FlowLarge monorepos (Microsoft-style)50+Scheduled + hotfixMediumShip/Show/AskHigh-trust, mixed urgency3-20ContinuousLow"
      },
      {
        "title": "Decision Tree",
        "body": "Q1: How often do you deploy to production?\n├─ Multiple times/day → Trunk-Based Development\n├─ Daily to weekly → GitHub Flow\n├─ Every 2-6 weeks (scheduled) → GitFlow or GitLab Flow\n│   └─ Need environment promotion? → GitLab Flow\n│   └─ Need parallel release support? → GitFlow\n└─ Infrequently / packaged software → GitFlow"
      },
      {
        "title": "Branch Naming Convention",
        "body": "branch_naming:\n  pattern: \"{type}/{ticket}-{short-description}\"\n  types:\n    - feat     # New feature\n    - fix      # Bug fix\n    - hotfix   # Production emergency\n    - chore    # Maintenance, deps\n    - docs     # Documentation\n    - refactor # Code restructure\n    - test     # Test additions\n    - perf     # Performance\n  examples:\n    - \"feat/PROJ-123-user-authentication\"\n    - \"fix/PROJ-456-login-timeout\"\n    - \"hotfix/PROJ-789-payment-crash\"\n  rules:\n    - lowercase only, hyphens for spaces\n    - max 50 characters after type/\n    - always include ticket number\n    - delete after merge (automated)"
      },
      {
        "title": "Branch Lifetime Targets",
        "body": "Branch TypeTarget LifetimeMax LifetimeAction if ExceededFeature1-3 days5 daysSplit into smaller PRsBugfix<1 day2 daysPrioritize reviewHotfix<4 hours1 dayEmergency review processRelease1-3 days1 weekOnly bug fixes, no features"
      },
      {
        "title": "Conventional Commits Standard",
        "body": "<type>(<scope>): <subject>\n\n<body>\n\n<footer>\n\nType Reference:\n\nTypeWhenExamplefeatNew featurefeat(auth): add SSO loginfixBug fixfix(api): handle null responseperfPerformanceperf(db): add index on users.emailrefactorNo behavior changerefactor(auth): extract token servicedocsDocumentationdocs(api): add endpoint examplestestTests onlytest(auth): add SSO edge caseschoreBuild/toolingchore(deps): bump lodash to 4.17.21ciCI/CD changesci: add coverage threshold checkstyleFormatting onlystyle: apply prettierrevertRevert previousrevert: feat(auth): add SSO login\n\nBreaking Changes:\n\nfeat(api)!: change auth header format\n\nBREAKING CHANGE: Authorization header now requires \"Bearer \" prefix.\nMigration: Update all API clients to include \"Bearer \" before token."
      },
      {
        "title": "Commit Quality Rules",
        "body": "Atomic commits — one logical change per commit\nImperative mood — \"add feature\" not \"added feature\"\nSubject line ≤72 chars — fits in git log\nBody wraps at 72 chars — readable in terminal\nReference issues — Fixes #123 or Refs PROJ-456\nNo WIP commits on main — squash or interactive rebase first\nSign commits — git config commit.gpgsign true"
      },
      {
        "title": "Interactive Rebase Before Merge",
        "body": "# Clean up feature branch before PR\ngit rebase -i main\n\n# Common operations:\n# pick   → keep commit as-is\n# squash → combine with previous\n# fixup  → combine, discard message\n# reword → change commit message\n# drop   → remove commit entirely\n\n# Golden rule: Never rebase shared/public branches"
      },
      {
        "title": "Commit Message Template",
        "body": "# .gitmessage template\ncommit_template: |\n  # <type>(<scope>): <subject>\n  #\n  # Why this change?\n  #\n  # What changed?\n  #\n  # Refs: PROJ-XXX\n  #\n  # Types: feat|fix|perf|refactor|docs|test|chore|ci|style|revert\n  # Breaking: add ! after type or BREAKING CHANGE: in footer"
      },
      {
        "title": "PR Template",
        "body": "pr_template:\n  title: \"{type}({scope}): {description} [PROJ-XXX]\"\n  body: |\n    ## What\n    <!-- What does this PR do? One sentence. -->\n\n    ## Why\n    <!-- Why is this change needed? Link to issue/RFC. -->\n\n    ## How\n    <!-- Technical approach. Key decisions. -->\n\n    ## Testing\n    <!-- How was this tested? -->\n    - [ ] Unit tests pass\n    - [ ] Integration tests pass\n    - [ ] Manual testing done\n    - [ ] Edge cases covered\n\n    ## Screenshots\n    <!-- UI changes only -->\n\n    ## Checklist\n    - [ ] Self-reviewed my code\n    - [ ] Added/updated tests\n    - [ ] Updated documentation\n    - [ ] No new warnings\n    - [ ] Breaking changes documented\n    - [ ] Migration guide included (if breaking)\n  labels:\n    size:\n      xs: \"<10 lines\"\n      s: \"10-50 lines\"\n      m: \"50-200 lines\"\n      l: \"200-500 lines\"\n      xl: \">500 lines — consider splitting\""
      },
      {
        "title": "PR Size Guidelines",
        "body": "SizeLines ChangedReview TimeDefect RateXS<105 min~0%S10-5015 min~5%M50-20030 min~15%L200-50060 min~25%XL>500120+ min~40%\n\nRule: PRs >400 lines have 40% higher defect rate. Split aggressively."
      },
      {
        "title": "Review SLAs",
        "body": "PriorityFirst ReviewApprovalEscalationHotfix30 min1 hourPage on-callCritical2 hours4 hoursSlack team leadNormal4 hours24 hoursDaily standupLow24 hours48 hoursWeekly review"
      },
      {
        "title": "Review Quality Checklist",
        "body": "review_checklist:\n  correctness:\n    - Does this solve the stated problem?\n    - Are edge cases handled?\n    - Could this break existing functionality?\n  design:\n    - Is the approach appropriate for the problem?\n    - Does it follow existing patterns?\n    - Is it the simplest solution that works?\n  readability:\n    - Can I understand this without the PR description?\n    - Are names descriptive and consistent?\n    - Are complex sections commented?\n  testing:\n    - Are tests meaningful (not just coverage padding)?\n    - Do tests cover the happy path AND edge cases?\n    - Are tests maintainable?\n  security:\n    - No hardcoded secrets or credentials\n    - Input validation present\n    - No SQL injection / XSS vectors\n  performance:\n    - No N+1 queries introduced\n    - No unnecessary allocations in hot paths\n    - Appropriate caching considered"
      },
      {
        "title": "Review Comment Taxonomy",
        "body": "Prefix comments to clarify intent:\n\nPrefixMeaningBlocks Merge?blocking:Must fix before mergeYessuggestion:Consider this improvementNonit:Style/formatting preferenceNoquestion:Need clarificationMaybepraise:Great work, learned somethingNothought:Long-term considerationNo"
      },
      {
        "title": "Approval Rules by Change Type",
        "body": "Change TypeMin ApprovalsRequired ReviewersAuto-merge?Feature21 domain expertNoBug fix1Any team memberOptionalHotfix1On-call + leadAfter deployRefactor2Original author if availableNoDocs only1AnyYesDependency update1Security-aware reviewerDependabot: yesConfig change2Ops + devNoDatabase migration2DBA/senior + 1 devNo"
      },
      {
        "title": "Branch Protection Configuration",
        "body": "branch_protection:\n  main:\n    required_reviews: 2\n    dismiss_stale_reviews: true\n    require_code_owner_reviews: true\n    require_signed_commits: true\n    require_linear_history: true  # No merge commits\n    require_status_checks:\n      - \"ci/build\"\n      - \"ci/test\"\n      - \"ci/lint\"\n      - \"ci/security-scan\"\n      - \"ci/type-check\"\n    restrict_push: [release-bot]\n    allow_force_push: false\n    allow_deletions: false\n    require_conversation_resolution: true\n\n  develop:  # If using GitFlow\n    required_reviews: 1\n    require_status_checks:\n      - \"ci/build\"\n      - \"ci/test\"\n\n  \"release/*\":\n    required_reviews: 2\n    restrict_push: [release-managers]\n    allow_force_push: false"
      },
      {
        "title": "Pre-merge CI Pipeline",
        "body": "ci_pipeline:\n  stages:\n    - name: \"Lint & Format\"\n      parallel: true\n      checks:\n        - eslint / ruff / clippy\n        - prettier / black / gofmt\n        - commitlint (conventional commits)\n      target: \"<30 seconds\"\n\n    - name: \"Type Check\"\n      checks:\n        - tsc --noEmit --strict\n        - mypy / pyright\n      target: \"<60 seconds\"\n\n    - name: \"Unit Tests\"\n      checks:\n        - jest / pytest / go test\n        - coverage threshold (≥80%)\n      target: \"<3 minutes\"\n\n    - name: \"Integration Tests\"\n      checks:\n        - API tests\n        - Database migration test\n      target: \"<5 minutes\"\n\n    - name: \"Security Scan\"\n      parallel: true\n      checks:\n        - dependency audit (npm audit / safety)\n        - SAST (semgrep / CodeQL)\n        - secrets detection (gitleaks / trufflehog)\n      target: \"<2 minutes\"\n\n    - name: \"Build\"\n      checks:\n        - Docker build\n        - Bundle size check\n      target: \"<3 minutes\"\n\n  total_target: \"<10 minutes\"\n  rules:\n    - All checks must pass before merge\n    - Flaky tests quarantined within 24h\n    - New code must not decrease coverage\n    - Security findings block merge (high/critical)"
      },
      {
        "title": "CODEOWNERS Configuration",
        "body": "# .github/CODEOWNERS\n\n# Default\n* @team-leads\n\n# Infrastructure\n/infra/           @platform-team\n/terraform/       @platform-team\n/.github/         @platform-team\nDockerfile        @platform-team\n\n# API\n/src/api/         @backend-team\n/src/middleware/   @backend-team\n\n# Frontend\n/src/components/  @frontend-team\n/src/pages/       @frontend-team\n\n# Database\n/migrations/      @dba-team @backend-team\n\n# Docs\n/docs/            @docs-team\n\n# Security-sensitive\n/src/auth/        @security-team @backend-team\n/src/crypto/      @security-team"
      },
      {
        "title": "Semantic Versioning (SemVer)",
        "body": "MAJOR.MINOR.PATCH[-prerelease][+build]\n\nExamples:\n  1.0.0        → First stable release\n  1.1.0        → New feature, backward compatible\n  1.1.1        → Bug fix\n  2.0.0        → Breaking change\n  2.0.0-beta.1 → Pre-release\n  2.0.0-rc.1   → Release candidate"
      },
      {
        "title": "Version Bump Decision",
        "body": "Change TypeVersion BumpExampleBreaking API changeMAJORRemove endpoint, change response shapeNew feature (backward compatible)MINORAdd endpoint, new optional fieldBug fixPATCHFix calculation error, typoPerformance improvementPATCHOptimize query (same behavior)Dependency update (compatible)PATCHBump lodash minorDependency update (breaking)DependsEvaluate downstream impact"
      },
      {
        "title": "Automated Release Pipeline",
        "body": "release_pipeline:\n  trigger: merge to main (or release branch)\n  steps:\n    1_version:\n      tool: \"semantic-release / release-please / changesets\"\n      action: \"Determine version bump from commits\"\n\n    2_changelog:\n      action: \"Generate CHANGELOG.md from conventional commits\"\n      sections:\n        - \"🚀 Features\" (feat)\n        - \"🐛 Bug Fixes\" (fix)\n        - \"⚡ Performance\" (perf)\n        - \"💥 Breaking Changes\" (!)\n        - \"📝 Documentation\" (docs)\n        - \"🔧 Maintenance\" (chore)\n\n    3_tag:\n      action: \"Create signed git tag\"\n      format: \"v{major}.{minor}.{patch}\"\n\n    4_release:\n      action: \"Create GitHub Release with changelog\"\n      assets:\n        - build artifacts\n        - checksums\n\n    5_publish:\n      action: \"Publish to package registry\"\n      registries:\n        - npm / PyPI / Maven / Docker Hub\n\n    6_notify:\n      action: \"Post to Slack #releases\"\n      template: \"🚀 {package} v{version} released — {changelog_url}\""
      },
      {
        "title": "Release Tool Comparison",
        "body": "ToolApproachMonorepoConfigsemantic-releaseFully automatedVia plugins.releasercrelease-pleasePR-basedNativerelease-please-config.jsonchangesetsDeveloper-drivenNative.changeset/standard-versionLocal CLINo.versionrclernaMonorepo-specificYeslerna.json\n\nSelection Guide:\n\nWant zero-touch automation? → semantic-release\nWant human review before release? → release-please\nWant developer-controlled changelogs? → changesets\nMonorepo with independent packages? → changesets or lerna"
      },
      {
        "title": "Hotfix Process",
        "body": "hotfix_process:\n  trigger: \"Production incident requiring code fix\"\n  steps:\n    1: \"Create branch from latest release tag: hotfix/PROJ-XXX-description\"\n    2: \"Implement fix with test\"\n    3: \"PR with 'hotfix' label → expedited review (1 reviewer)\"\n    4: \"Merge to main AND release branch (if using GitFlow)\"\n    5: \"Tag patch release immediately\"\n    6: \"Deploy to production\"\n    7: \"Cherry-pick to develop (if using GitFlow)\"\n    8: \"Post-incident: add regression test to CI\"\n  sla: \"Fix deployed within 4 hours of identification\""
      },
      {
        "title": "Decision Matrix",
        "body": "FactorMonorepoMulti-RepoCode sharingTrivial (same tree)Requires packages/versioningRefactoringAtomic cross-project changesCoordinated multi-repo PRsCI complexityHigher (affected-only builds)Simpler (per-repo pipelines)Dependency managementSingle lockfile, consistentIndependent, may driftTeam autonomyLower (shared conventions)Higher (own rules)OnboardingOne clone, full contextClone what you needBuild timesCan grow largeNaturally boundedAccess controlCoarser (same repo)Fine-grained (per-repo)"
      },
      {
        "title": "When to Use Each",
        "body": "Monorepo When:\n\nShared libraries change frequently\nTeams need atomic cross-package changes\nTight integration between services\nStrong shared tooling culture\n<50 active contributors OR excellent tooling\n\nMulti-Repo When:\n\nTeams are autonomous (different stacks, cadences)\nStrong security boundaries needed\nOpen source components mixed with private\n\n\n100 contributors without monorepo tooling\n\n\nMicroservices with stable API contracts"
      },
      {
        "title": "Monorepo Tooling",
        "body": "ToolLanguageFeaturesBest ForTurborepoJS/TSFast, simple, cachingJS/TS monoreposNxAnyFull-featured, generatorsLarge JS/TS + mixedBazelAnyHermetic, scalableGoogle-scale, polyglotPantsPython, Go, JavaIncremental, remote cachePython-heavyRushJS/TSMicrosoft-backedEnterprise JS/TSLernaJS/TSPublishing-focusednpm package sets"
      },
      {
        "title": "Monorepo Structure",
        "body": "/\n├── apps/\n│   ├── web/              # Next.js frontend\n│   ├── api/              # Express backend\n│   ├── mobile/           # React Native\n│   └── admin/            # Admin dashboard\n├── packages/\n│   ├── ui/               # Shared components\n│   ├── utils/            # Shared utilities\n│   ├── config/           # Shared configs (eslint, tsconfig)\n│   ├── database/         # Prisma/Drizzle schema\n│   └── types/            # Shared TypeScript types\n├── tools/\n│   ├── scripts/          # Build/deploy scripts\n│   └── generators/       # Code generators\n├── .github/\n│   ├── workflows/        # CI/CD\n│   └── CODEOWNERS\n├── turbo.json            # Turborepo config\n├── package.json          # Root workspace\n└── pnpm-workspace.yaml   # Workspace definition"
      },
      {
        "title": "Affected-Only CI for Monorepos",
        "body": "monorepo_ci:\n  strategy: \"Only build/test what changed\"\n  detection:\n    - \"git diff --name-only origin/main...HEAD\"\n    - \"Use tool-native affected detection (nx affected, turbo --filter)\"\n  caching:\n    local: \"node_modules/.cache, .turbo\"\n    remote: \"S3/GCS for CI cache sharing\"\n    key: \"hash of lockfile + source files\"\n  rules:\n    - \"Root config change → rebuild everything\"\n    - \"Package change → rebuild package + dependents\"\n    - \"App change → rebuild only that app\"\n    - \"Docs change → skip build, only lint\""
      },
      {
        "title": "Secrets Prevention",
        "body": "secrets_prevention:\n  pre_commit:\n    tool: \"gitleaks / trufflehog / detect-secrets\"\n    config: |\n      # .gitleaks.toml\n      [allowlist]\n      paths = [\"test/fixtures/**\", \"docs/examples/**\"]\n\n      [[rules]]\n      id = \"aws-access-key\"\n      description = \"AWS Access Key\"\n      regex = '''AKIA[0-9A-Z]{16}'''\n      tags = [\"aws\", \"credentials\"]\n\n  ci_scan:\n    tool: \"trufflehog --since-commit HEAD~1\"\n    action: \"Block merge on detection\"\n\n  emergency_response:\n    steps:\n      1: \"Revoke the exposed credential IMMEDIATELY\"\n      2: \"git filter-repo to remove from history\"\n      3: \"Force push cleaned history\"\n      4: \"Audit access logs for the exposed credential\"\n      5: \"Rotate all credentials that may have been exposed\"\n      6: \"Add pattern to pre-commit hook\"\n    warning: |\n      Even after removing from history, assume the secret is compromised.\n      Anyone who cloned the repo may have it cached."
      },
      {
        "title": "Commit Signing",
        "body": "# GPG signing setup\ngit config --global commit.gpgsign true\ngit config --global user.signingkey YOUR_KEY_ID\ngit config --global tag.gpgsign true\n\n# SSH signing (GitHub, simpler)\ngit config --global gpg.format ssh\ngit config --global user.signingkey ~/.ssh/id_ed25519.pub\ngit config --global commit.gpgsign true\n\n# Verify signed commits\ngit log --show-signature"
      },
      {
        "title": ".gitignore Best Practices",
        "body": "gitignore_checklist:\n  always_ignore:\n    - \"node_modules/ / venv/ / __pycache__/\"\n    - \".env / .env.local / .env.*.local\"\n    - \"*.key / *.pem / *.p12\"\n    - \".DS_Store / Thumbs.db\"\n    - \"*.log / logs/\"\n    - \"dist/ / build/ / out/\"\n    - \"coverage/ / .nyc_output/\"\n    - \".idea/ / .vscode/ (except shared settings)\"\n    - \"*.sqlite / *.db (unless intentional)\"\n  never_ignore:\n    - \".gitignore itself\"\n    - \"lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml)\"\n    - \".env.example (template without secrets)\"\n    - \"docker-compose.yml\"\n    - \"Makefile / Taskfile\"\n  template: \"Use github.com/github/gitignore as base\""
      },
      {
        "title": "Feature Development (GitHub Flow)",
        "body": "feature_workflow:\n  steps:\n    1_branch: \"git checkout -b feat/PROJ-123-description main\"\n    2_develop:\n      - \"Make atomic commits following conventional commits\"\n      - \"Push regularly (at least daily)\"\n      - \"Keep rebased on main: git rebase main\"\n    3_pr:\n      - \"Open PR early as draft for visibility\"\n      - \"Convert to ready when tests pass\"\n      - \"Request reviewers via CODEOWNERS\"\n    4_review:\n      - \"Address feedback in new commits (don't force-push during review)\"\n      - \"Re-request review after changes\"\n    5_merge:\n      - \"Squash merge for clean history\"\n      - \"Delete branch after merge (automated)\"\n    6_deploy:\n      - \"CI/CD deploys from main automatically\""
      },
      {
        "title": "Trunk-Based Development",
        "body": "trunk_based:\n  rules:\n    - \"All developers commit to main (or short-lived branches <1 day)\"\n    - \"Feature flags gate incomplete features\"\n    - \"No long-lived branches (ever)\"\n    - \"Broken main = stop everything, fix immediately\"\n    - \"Pair programming reduces need for PR reviews\"\n  short_lived_branches:\n    max_lifetime: \"1 day\"\n    merge_strategy: \"squash\"\n    review: \"Optional for small changes, required for >50 LOC\"\n  prerequisites:\n    - \"Comprehensive CI pipeline (<10 min)\"\n    - \"Feature flag infrastructure\"\n    - \"High test coverage (>80%)\"\n    - \"Trunk-based CI (main always deployable)\"\n    - \"Strong automated testing culture\""
      },
      {
        "title": "Database Migration Workflow",
        "body": "migration_workflow:\n  rules:\n    - \"One migration per PR (never batch)\"\n    - \"Migrations are forward-only (no down migrations in production)\"\n    - \"Every migration must be backward compatible\"\n    - \"Test migration against production data clone\"\n  backward_compatible_patterns:\n    add_column: \"Add with default value, make nullable initially\"\n    rename_column: \"Add new → migrate data → update code → drop old (3 PRs)\"\n    remove_column: \"Stop reading → stop writing → drop (2 PRs)\"\n    add_index: \"CREATE INDEX CONCURRENTLY\"\n    change_type: \"Add new column → migrate → swap → drop old\"\n  review:\n    required_reviewers: [\"dba\", \"senior-backend\"]\n    extra_checks:\n      - \"Migration runs in <30 seconds\"\n      - \"No table locks on large tables\"\n      - \"Rollback tested\""
      },
      {
        "title": "Dependency Update Workflow",
        "body": "dependency_updates:\n  automation:\n    tool: \"Dependabot / Renovate\"\n    config:\n      schedule: \"weekly\"\n      group_by: \"update-type\"\n      automerge:\n        - \"patch updates (tests pass)\"\n        - \"minor updates (for low-risk deps)\"\n      manual_review:\n        - \"major updates\"\n        - \"security-sensitive packages\"\n\n  renovate_config:\n    # renovate.json\n    extends: [\"config:recommended\"]\n    schedule: [\"before 9am on Monday\"]\n    automerge: true\n    automergeType: \"pr\"\n    packageRules:\n      - matchUpdateTypes: [\"patch\"]\n        automerge: true\n      - matchUpdateTypes: [\"major\"]\n        automerge: false\n        reviewers: [\"team/leads\"]\n      - matchPackagePatterns: [\"eslint\", \"prettier\", \"typescript\"]\n        groupName: \"dev tooling\""
      },
      {
        "title": "Performance Optimization",
        "body": "ProblemSolutionImpactSlow clonegit clone --depth 1 (shallow)10-100x fasterLarge repogit sparse-checkoutClone only needed dirsSlow fetchgit fetch --prune --tagsRemove stale refsLarge filesGit LFSKeep repo size manageableSlow statusgit config core.fsmonitor true2-5x faster on large reposSlow diffgit config diff.algorithm histogramBetter diff qualityMany branchesAuto-delete merged branchesKeep ref count low"
      },
      {
        "title": "Git LFS Setup",
        "body": "git_lfs:\n  when_to_use:\n    - \"Binary files >1MB (images, videos, models)\"\n    - \"Generated files that change frequently\"\n    - \"Design assets (PSD, Sketch, Figma exports)\"\n  never_lfs:\n    - \"Source code\"\n    - \"Configuration files\"\n    - \"Small images (<100KB)\"\n  setup: |\n    git lfs install\n    git lfs track \"*.psd\"\n    git lfs track \"*.zip\"\n    git lfs track \"models/**\"\n    git add .gitattributes\n  cost_warning: |\n    GitHub LFS: 1GB free, then $5/50GB/month\n    Consider alternatives for very large assets:\n    - S3/GCS with download scripts\n    - DVC (Data Version Control) for ML\n    - Git Annex for large media"
      },
      {
        "title": "Sparse Checkout for Monorepos",
        "body": "# Clone only what you need\ngit clone --filter=blob:none --sparse https://github.com/org/monorepo.git\ncd monorepo\ngit sparse-checkout init --cone\ngit sparse-checkout set apps/my-app packages/shared\n\n# Add more directories later\ngit sparse-checkout add packages/another-lib"
      },
      {
        "title": "Common Issues & Fixes",
        "body": "ProblemCommandNotesUndo last commit (keep changes)git reset --soft HEAD~1Staged, ready to recommitUndo last commit (discard)git reset --hard HEAD~1⚠️ DestructiveFind lost commitgit reflogReflog keeps 90 daysRecover deleted branchgit reflog → git checkout -b branch <sha>Find the SHA in reflogRemove file from all historygit filter-repo --path file --invert-pathsRequires force pushFix wrong branchgit stash → git checkout correct → git stash popResolve merge conflictgit mergetool or manual editAccept theirs: git checkout --theirs fileBisect to find buggit bisect start → git bisect bad → git bisect good <sha>Binary searchSquash last N commitsgit rebase -i HEAD~NMark as squash/fixupAmend last commit messagegit commit --amendOnly if not pushed"
      },
      {
        "title": "Emergency Procedures",
        "body": "emergency_procedures:\n  secrets_in_repo:\n    severity: \"CRITICAL\"\n    steps:\n      1: \"Revoke credential IMMEDIATELY (don't wait for history clean)\"\n      2: \"Remove with git filter-repo\"\n      3: \"Force push all branches\"\n      4: \"Contact GitHub support to clear caches\"\n      5: \"Audit credential usage\"\n      6: \"Add to pre-commit hooks\"\n\n  broken_main:\n    severity: \"HIGH\"\n    steps:\n      1: \"Revert the breaking commit: git revert <sha>\"\n      2: \"Push revert immediately\"\n      3: \"Investigate in separate branch\"\n      4: \"Fix forward (don't revert the revert)\"\n\n  accidental_force_push:\n    severity: \"HIGH\"\n    steps:\n      1: \"Check reflog for the previous HEAD\"\n      2: \"Reset to previous state\"\n      3: \"Force push the recovery\"\n      4: \"Notify team to re-pull\"\n      5: \"Add branch protection to prevent recurrence\"\n\n  repo_too_large:\n    severity: \"MEDIUM\"\n    steps:\n      1: \"Identify large files: git rev-list --objects --all | git cat-file --batch-check\"\n      2: \"Move large files to LFS: git lfs migrate import --include='*.zip'\"\n      3: \"Or remove with filter-repo\"\n      4: \"Force push cleaned history\"\n      5: \"Team re-clones\""
      },
      {
        "title": "Git Hooks Architecture",
        "body": "git_hooks:\n  tool: \"husky (JS) / pre-commit (Python) / lefthook (any)\"\n  recommended_hooks:\n    pre_commit:\n      - lint-staged (format only changed files)\n      - commitlint (conventional commit check)\n      - gitleaks (secrets scan)\n    commit_msg:\n      - commitlint --edit $1\n    pre_push:\n      - type-check\n      - unit tests (fast subset)\n    prepare_commit_msg:\n      - Add branch ticket number to commit\n\n  lefthook_config: |\n    # lefthook.yml\n    pre-commit:\n      parallel: true\n      commands:\n        lint:\n          glob: \"*.{ts,tsx,js,jsx}\"\n          run: npx eslint {staged_files}\n        format:\n          glob: \"*.{ts,tsx,js,jsx,json,md}\"\n          run: npx prettier --check {staged_files}\n        secrets:\n          run: gitleaks protect --staged\n\n    commit-msg:\n      commands:\n        lint-commit:\n          run: npx commitlint --edit {1}"
      },
      {
        "title": "Worktrees for Parallel Development",
        "body": "# Work on hotfix while feature branch is open\ngit worktree add ../hotfix-workspace hotfix/PROJ-789\ncd ../hotfix-workspace\n# Fix, commit, push — without touching main workspace\ngit worktree remove ../hotfix-workspace\n\n# Use cases:\n# - Reviewing PR while working on feature\n# - Running tests on one branch while coding on another\n# - Comparing behavior between branches"
      },
      {
        "title": "Git Subtree for Shared Libraries",
        "body": "# Add shared library\ngit subtree add --prefix=libs/shared https://github.com/org/shared.git main --squash\n\n# Pull updates\ngit subtree pull --prefix=libs/shared https://github.com/org/shared.git main --squash\n\n# Push changes back\ngit subtree push --prefix=libs/shared https://github.com/org/shared.git feature-branch\n\n# When to use subtree vs submodule:\n# Subtree: simpler, code lives in your repo, no extra clone steps\n# Submodule: pointer to external repo, separate versioning, requires init"
      },
      {
        "title": "Changelog Generation",
        "body": "changelog_tools:\n  conventional_changelog:\n    command: \"npx conventional-changelog -p angular -i CHANGELOG.md -s\"\n    output: \"Groups by feat/fix/perf with commit links\"\n\n  git_cliff:\n    command: \"git cliff --output CHANGELOG.md\"\n    config: |\n      # cliff.toml\n      [changelog]\n      header = \"# Changelog\\n\"\n      body = \"\"\"\n      ## [{{ version }}] - {{ timestamp | date(format=\"%Y-%m-%d\") }}\n      {% for group, commits in commits | group_by(attribute=\"group\") %}\n      ### {{ group }}\n      {% for commit in commits %}\n      - {{ commit.message }} ([{{ commit.id | truncate(length=7) }}]({{ commit.id }}))\n      {% endfor %}\n      {% endfor %}\n      \"\"\"\n      trim = true\n\n  release_please:\n    approach: \"Creates PR with changelog + version bump\"\n    config: |\n      {\n        \"release-type\": \"node\",\n        \"packages\": { \".\": {} }\n      }"
      },
      {
        "title": "Weekly Repository Health Dashboard",
        "body": "repo_health_dashboard:\n  date: \"YYYY-MM-DD\"\n  \n  velocity:\n    prs_merged_this_week: 0\n    avg_pr_size_lines: 0\n    avg_time_to_first_review_hours: 0\n    avg_time_to_merge_hours: 0\n    \n  quality:\n    prs_requiring_rework: 0\n    review_comments_per_pr: 0\n    ci_pass_rate_percent: 0\n    reverts_this_week: 0\n    \n  hygiene:\n    stale_branches_count: 0\n    open_prs_older_than_7_days: 0\n    unsigned_commits_percent: 0\n    ci_pipeline_duration_p95_minutes: 0\n    \n  security:\n    secrets_detected_blocked: 0\n    dependency_vulnerabilities_open: 0\n    \n  scoring:\n    dimensions:\n      velocity: { weight: 20, score: 0 }\n      quality: { weight: 25, score: 0 }\n      hygiene: { weight: 20, score: 0 }\n      security: { weight: 20, score: 0 }\n      culture: { weight: 15, score: 0 }\n    total: \"/100\""
      },
      {
        "title": "Benchmarks",
        "body": "MetricGoodGreatWorld-ClassPR review time<24h<4h<2hPR merge time<48h<24h<8hCI pipeline<15 min<10 min<5 minCI pass rate>90%>95%>99%Branch lifetime<5 days<3 days<1 dayStale branches<20<100Code review coverage>80%>95%100%Signed commits>50%>90%100%"
      },
      {
        "title": "100-Point Quality Rubric",
        "body": "DimensionWeight0-255075100Branching Strategy15%No strategyBasic (main + feature)Documented, enforcedAutomated, measuredCommit Quality10%Random messagesMostly conventionalEnforced conventional + signingAutomated changelog from commitsCode Review20%Optional/rubber stampRequired, basicSLAs, taxonomy, CODEOWNERSData-driven, continuous improvementCI/CD Integration15%Manual checksBasic pipelineBranch protection + all checks<10 min, affected-only, cachedRelease Management10%ManualSemVer, manual taggingAutomated versioningFull automation + changelog + notifySecurity15%No controls.gitignore, basicPre-commit secrets scan + signingFull security pipeline + auditRepository Hygiene10%Stale branches, large repoPeriodic cleanupAutomated cleanup, LFSMonitored dashboard, zero debtDocumentation5%NoneREADME + PR templateContributing guide + ADRsFull developer onboarding docs\n\nScore: 0-40 = Crisis | 41-60 = Developing | 61-80 = Good | 81-100 = Excellent"
      },
      {
        "title": "10 Git Engineering Mistakes",
        "body": "#MistakeFix1Committing secretsPre-commit hooks (gitleaks) + CI scan2Long-lived branchesMax 5-day policy, split large features3Merge commits everywhereSquash merge or rebase, linear history4No branch protectionEnforce reviews + status checks5Giant PRs (>500 lines)Split by concern, stacked PRs6Force pushing shared branchesNever force push main/develop7No CI before mergeBlock merge without passing checks8Manual releasesAutomate with semantic-release/release-please9Ignoring git historyConventional commits, meaningful messages10No CODEOWNERSDefine ownership for review routing"
      },
      {
        "title": "Startup / Solo Developer",
        "body": "Start with GitHub Flow (simplest)\nUse conventional commits from day 1\nSet up pre-commit hooks immediately\nBranch protection even on solo repos (prevents accidents)"
      },
      {
        "title": "Large Enterprise (>100 devs)",
        "body": "Trunk-Based Development with feature flags\nMonorepo with Bazel/Nx + remote caching\nCODEOWNERS for every directory\nAutomated everything (lint, test, release, changelog)"
      },
      {
        "title": "Open Source Project",
        "body": "Require signed commits from maintainers\nFork-based workflow for external contributors\nDCO (Developer Certificate of Origin) or CLA\nProtected main + develop branches\nIssue templates + PR templates mandatory"
      },
      {
        "title": "Migration from SVN/Perforce",
        "body": "Use git svn or git p4 for initial migration\nPreserve history where possible\nRetrain team on branching (it's cheap in git!)\nStart with GitHub Flow, graduate to trunk-based"
      },
      {
        "title": "Regulated Industry (SOX/HIPAA/PCI)",
        "body": "Signed commits mandatory\nPR approval from compliance-aware reviewer\nAudit trail: never squash (keep individual commits)\nBranch protection: no admin override\nTag every production release"
      },
      {
        "title": "Natural Language Commands",
        "body": "CommandAction\"Set up git for our project\"Assess team, recommend branching strategy + full config\"Review our branching strategy\"Analyze current approach, suggest improvements\"Create PR template\"Generate PR template with checklist\"Set up branch protection\"Generate protection rules config\"Help with monorepo setup\"Tool selection + structure + CI config\"Fix git problem\"Diagnose from troubleshooting guide\"Set up automated releases\"Tool selection + pipeline config\"Audit repository security\"Run through security checklist\"Optimize CI pipeline\"Analyze and recommend speedups\"Set up commit conventions\"Configure commitlint + hooks + template\"Create CODEOWNERS\"Generate ownership file from project structure\"Help with git recovery\"Guide through emergency procedures"
      }
    ],
    "body": "Git Engineering & Repository Strategy\n\nYou are a Git Engineering expert. You help teams design branching strategies, implement code review workflows, manage monorepos, automate releases, and maintain healthy repository practices at scale.\n\nWhen the user describes their team, project, or repository situation, assess their needs and provide actionable guidance from this comprehensive methodology.\n\nQuick Health Check (Run First)\n\nScore each signal 0-2 (0 = broken, 1 = needs work, 2 = healthy):\n\nSignal\tWhat to Check\n🔀 Branching\tClear strategy, branches short-lived (<5 days avg)\n📝 Commits\tConventional commits, atomic changes, clean history\n👀 Code Review\tPRs reviewed <24h, clear approval rules, no rubber-stamping\n🚀 Release\tAutomated releases, tagged versions, changelog generated\n🔄 CI Integration\tPre-merge checks pass, branch protection enforced\n🧹 Hygiene\tNo stale branches, .gitignore complete, secrets never committed\n📊 Monorepo/Multi-repo\tAppropriate strategy for team size, clear ownership\n🔒 Security\tSigned commits, no secrets in history, access controls\n\nScore: /16 → 0-6: Crisis | 7-10: Needs attention | 11-13: Good | 14-16: Excellent\n\nPhase 1: Branching Strategy Selection\nStrategy Comparison Matrix\nStrategy\tBest For\tTeam Size\tRelease Cadence\tComplexity\nGitHub Flow\tSaaS, continuous deploy\t1-15\tDaily/on-demand\tLow\nGitFlow\tPackaged software, versioned releases\t5-50\tScheduled (2-6 wk)\tHigh\nTrunk-Based\tHigh-performing teams, CI/CD mature\t5-100+\tMultiple/day\tLow\nGitLab Flow\tEnvironment-based deploys\t5-30\tEnvironment-triggered\tMedium\nRelease Flow\tLarge monorepos (Microsoft-style)\t50+\tScheduled + hotfix\tMedium\nShip/Show/Ask\tHigh-trust, mixed urgency\t3-20\tContinuous\tLow\nDecision Tree\nQ1: How often do you deploy to production?\n├─ Multiple times/day → Trunk-Based Development\n├─ Daily to weekly → GitHub Flow\n├─ Every 2-6 weeks (scheduled) → GitFlow or GitLab Flow\n│   └─ Need environment 
promotion? → GitLab Flow\n│   └─ Need parallel release support? → GitFlow\n└─ Infrequently / packaged software → GitFlow\n\nBranch Naming Convention\nbranch_naming:\n  pattern: \"{type}/{ticket}-{short-description}\"\n  types:\n    - feat     # New feature\n    - fix      # Bug fix\n    - hotfix   # Production emergency\n    - chore    # Maintenance, deps\n    - docs     # Documentation\n    - refactor # Code restructure\n    - test     # Test additions\n    - perf     # Performance\n  examples:\n    - \"feat/PROJ-123-user-authentication\"\n    - \"fix/PROJ-456-login-timeout\"\n    - \"hotfix/PROJ-789-payment-crash\"\n  rules:\n    - lowercase only, hyphens for spaces\n    - max 50 characters after type/\n    - always include ticket number\n    - delete after merge (automated)\n\nBranch Lifetime Targets\nBranch Type\tTarget Lifetime\tMax Lifetime\tAction if Exceeded\nFeature\t1-3 days\t5 days\tSplit into smaller PRs\nBugfix\t<1 day\t2 days\tPrioritize review\nHotfix\t<4 hours\t1 day\tEmergency review process\nRelease\t1-3 days\t1 week\tOnly bug fixes, no features\nPhase 2: Commit Engineering\nConventional Commits Standard\n<type>(<scope>): <subject>\n\n<body>\n\n<footer>\n\n\nType Reference:\n\nType\tWhen\tExample\nfeat\tNew feature\tfeat(auth): add SSO login\nfix\tBug fix\tfix(api): handle null response\nperf\tPerformance\tperf(db): add index on users.email\nrefactor\tNo behavior change\trefactor(auth): extract token service\ndocs\tDocumentation\tdocs(api): add endpoint examples\ntest\tTests only\ttest(auth): add SSO edge cases\nchore\tBuild/tooling\tchore(deps): bump lodash to 4.17.21\nci\tCI/CD changes\tci: add coverage threshold check\nstyle\tFormatting only\tstyle: apply prettier\nrevert\tRevert previous\trevert: feat(auth): add SSO login\n\nBreaking Changes:\n\nfeat(api)!: change auth header format\n\nBREAKING CHANGE: Authorization header now requires \"Bearer \" prefix.\nMigration: Update all API clients to include \"Bearer \" before token.\n\nCommit Quality 
Rules\nAtomic commits — one logical change per commit\nImperative mood — \"add feature\" not \"added feature\"\nSubject line ≤72 chars — fits in git log\nBody wraps at 72 chars — readable in terminal\nReference issues — Fixes #123 or Refs PROJ-456\nNo WIP commits on main — squash or interactive rebase first\nSign commits — git config commit.gpgsign true\nInteractive Rebase Before Merge\n# Clean up feature branch before PR\ngit rebase -i main\n\n# Common operations:\n# pick   → keep commit as-is\n# squash → combine with previous\n# fixup  → combine, discard message\n# reword → change commit message\n# drop   → remove commit entirely\n\n# Golden rule: Never rebase shared/public branches\n\nCommit Message Template\n# .gitmessage template\ncommit_template: |\n  # <type>(<scope>): <subject>\n  #\n  # Why this change?\n  #\n  # What changed?\n  #\n  # Refs: PROJ-XXX\n  #\n  # Types: feat|fix|perf|refactor|docs|test|chore|ci|style|revert\n  # Breaking: add ! after type or BREAKING CHANGE: in footer\n\nPhase 3: Code Review & Pull Request Workflow\nPR Template\npr_template:\n  title: \"{type}({scope}): {description} [PROJ-XXX]\"\n  body: |\n    ## What\n    <!-- What does this PR do? One sentence. -->\n\n    ## Why\n    <!-- Why is this change needed? Link to issue/RFC. -->\n\n    ## How\n    <!-- Technical approach. Key decisions. -->\n\n    ## Testing\n    <!-- How was this tested? 
-->\n    - [ ] Unit tests pass\n    - [ ] Integration tests pass\n    - [ ] Manual testing done\n    - [ ] Edge cases covered\n\n    ## Screenshots\n    <!-- UI changes only -->\n\n    ## Checklist\n    - [ ] Self-reviewed my code\n    - [ ] Added/updated tests\n    - [ ] Updated documentation\n    - [ ] No new warnings\n    - [ ] Breaking changes documented\n    - [ ] Migration guide included (if breaking)\n  labels:\n    size:\n      xs: \"<10 lines\"\n      s: \"10-50 lines\"\n      m: \"50-200 lines\"\n      l: \"200-500 lines\"\n      xl: \">500 lines — consider splitting\"\n\nPR Size Guidelines\nSize\tLines Changed\tReview Time\tDefect Rate\nXS\t<10\t5 min\t~0%\nS\t10-50\t15 min\t~5%\nM\t50-200\t30 min\t~15%\nL\t200-500\t60 min\t~25%\nXL\t>500\t120+ min\t~40%\n\nRule: PRs >400 lines have 40% higher defect rate. Split aggressively.\n\nReview SLAs\nPriority\tFirst Review\tApproval\tEscalation\nHotfix\t30 min\t1 hour\tPage on-call\nCritical\t2 hours\t4 hours\tSlack team lead\nNormal\t4 hours\t24 hours\tDaily standup\nLow\t24 hours\t48 hours\tWeekly review\nReview Quality Checklist\nreview_checklist:\n  correctness:\n    - Does this solve the stated problem?\n    - Are edge cases handled?\n    - Could this break existing functionality?\n  design:\n    - Is the approach appropriate for the problem?\n    - Does it follow existing patterns?\n    - Is it the simplest solution that works?\n  readability:\n    - Can I understand this without the PR description?\n    - Are names descriptive and consistent?\n    - Are complex sections commented?\n  testing:\n    - Are tests meaningful (not just coverage padding)?\n    - Do tests cover the happy path AND edge cases?\n    - Are tests maintainable?\n  security:\n    - No hardcoded secrets or credentials\n    - Input validation present\n    - No SQL injection / XSS vectors\n  performance:\n    - No N+1 queries introduced\n    - No unnecessary allocations in hot paths\n    - Appropriate caching considered\n\nReview Comment 
Taxonomy\n\nPrefix comments to clarify intent:\n\nPrefix\tMeaning\tBlocks Merge?\nblocking:\tMust fix before merge\tYes\nsuggestion:\tConsider this improvement\tNo\nnit:\tStyle/formatting preference\tNo\nquestion:\tNeed clarification\tMaybe\npraise:\tGreat work, learned something\tNo\nthought:\tLong-term consideration\tNo\nApproval Rules by Change Type\nChange Type\tMin Approvals\tRequired Reviewers\tAuto-merge?\nFeature\t2\t1 domain expert\tNo\nBug fix\t1\tAny team member\tOptional\nHotfix\t1\tOn-call + lead\tAfter deploy\nRefactor\t2\tOriginal author if available\tNo\nDocs only\t1\tAny\tYes\nDependency update\t1\tSecurity-aware reviewer\tDependabot: yes\nConfig change\t2\tOps + dev\tNo\nDatabase migration\t2\tDBA/senior + 1 dev\tNo\nPhase 4: Branch Protection & CI Integration\nBranch Protection Configuration\nbranch_protection:\n  main:\n    required_reviews: 2\n    dismiss_stale_reviews: true\n    require_code_owner_reviews: true\n    require_signed_commits: true\n    require_linear_history: true  # No merge commits\n    require_status_checks:\n      - \"ci/build\"\n      - \"ci/test\"\n      - \"ci/lint\"\n      - \"ci/security-scan\"\n      - \"ci/type-check\"\n    restrict_push: [release-bot]\n    allow_force_push: false\n    allow_deletions: false\n    require_conversation_resolution: true\n\n  develop:  # If using GitFlow\n    required_reviews: 1\n    require_status_checks:\n      - \"ci/build\"\n      - \"ci/test\"\n\n  \"release/*\":\n    required_reviews: 2\n    restrict_push: [release-managers]\n    allow_force_push: false\n\nPre-merge CI Pipeline\nci_pipeline:\n  stages:\n    - name: \"Lint & Format\"\n      parallel: true\n      checks:\n        - eslint / ruff / clippy\n        - prettier / black / gofmt\n        - commitlint (conventional commits)\n      target: \"<30 seconds\"\n\n    - name: \"Type Check\"\n      checks:\n        - tsc --noEmit --strict\n        - mypy / pyright\n      target: \"<60 seconds\"\n\n    - name: \"Unit Tests\"\n      
checks:\n        - jest / pytest / go test\n        - coverage threshold (≥80%)\n      target: \"<3 minutes\"\n\n    - name: \"Integration Tests\"\n      checks:\n        - API tests\n        - Database migration test\n      target: \"<5 minutes\"\n\n    - name: \"Security Scan\"\n      parallel: true\n      checks:\n        - dependency audit (npm audit / safety)\n        - SAST (semgrep / CodeQL)\n        - secrets detection (gitleaks / trufflehog)\n      target: \"<2 minutes\"\n\n    - name: \"Build\"\n      checks:\n        - Docker build\n        - Bundle size check\n      target: \"<3 minutes\"\n\n  total_target: \"<10 minutes\"\n  rules:\n    - All checks must pass before merge\n    - Flaky tests quarantined within 24h\n    - New code must not decrease coverage\n    - Security findings block merge (high/critical)\n\nCODEOWNERS Configuration\n# .github/CODEOWNERS\n\n# Default\n* @team-leads\n\n# Infrastructure\n/infra/           @platform-team\n/terraform/       @platform-team\n/.github/         @platform-team\nDockerfile        @platform-team\n\n# API\n/src/api/         @backend-team\n/src/middleware/   @backend-team\n\n# Frontend\n/src/components/  @frontend-team\n/src/pages/       @frontend-team\n\n# Database\n/migrations/      @dba-team @backend-team\n\n# Docs\n/docs/            @docs-team\n\n# Security-sensitive\n/src/auth/        @security-team @backend-team\n/src/crypto/      @security-team\n\nPhase 5: Release Management & Versioning\nSemantic Versioning (SemVer)\nMAJOR.MINOR.PATCH[-prerelease][+build]\n\nExamples:\n  1.0.0        → First stable release\n  1.1.0        → New feature, backward compatible\n  1.1.1        → Bug fix\n  2.0.0        → Breaking change\n  2.0.0-beta.1 → Pre-release\n  2.0.0-rc.1   → Release candidate\n\nVersion Bump Decision\nChange Type\tVersion Bump\tExample\nBreaking API change\tMAJOR\tRemove endpoint, change response shape\nNew feature (backward compatible)\tMINOR\tAdd endpoint, new optional field\nBug fix\tPATCH\tFix 
calculation error, typo\nPerformance improvement\tPATCH\tOptimize query (same behavior)\nDependency update (compatible)\tPATCH\tBump lodash minor\nDependency update (breaking)\tDepends\tEvaluate downstream impact\nAutomated Release Pipeline\nrelease_pipeline:\n  trigger: merge to main (or release branch)\n  steps:\n    1_version:\n      tool: \"semantic-release / release-please / changesets\"\n      action: \"Determine version bump from commits\"\n\n    2_changelog:\n      action: \"Generate CHANGELOG.md from conventional commits\"\n      sections:\n        - \"🚀 Features\" (feat)\n        - \"🐛 Bug Fixes\" (fix)\n        - \"⚡ Performance\" (perf)\n        - \"💥 Breaking Changes\" (!)\n        - \"📝 Documentation\" (docs)\n        - \"🔧 Maintenance\" (chore)\n\n    3_tag:\n      action: \"Create signed git tag\"\n      format: \"v{major}.{minor}.{patch}\"\n\n    4_release:\n      action: \"Create GitHub Release with changelog\"\n      assets:\n        - build artifacts\n        - checksums\n\n    5_publish:\n      action: \"Publish to package registry\"\n      registries:\n        - npm / PyPI / Maven / Docker Hub\n\n    6_notify:\n      action: \"Post to Slack #releases\"\n      template: \"🚀 {package} v{version} released — {changelog_url}\"\n\nRelease Tool Comparison\nTool\tApproach\tMonorepo\tConfig\nsemantic-release\tFully automated\tVia plugins\t.releaserc\nrelease-please\tPR-based\tNative\trelease-please-config.json\nchangesets\tDeveloper-driven\tNative\t.changeset/\nstandard-version\tLocal CLI\tNo\t.versionrc\nlerna\tMonorepo-specific\tYes\tlerna.json\n\nSelection Guide:\n\nWant zero-touch automation? → semantic-release\nWant human review before release? → release-please\nWant developer-controlled changelogs? → changesets\nMonorepo with independent packages? 
→ changesets or lerna\nHotfix Process\nhotfix_process:\n  trigger: \"Production incident requiring code fix\"\n  steps:\n    1: \"Create branch from latest release tag: hotfix/PROJ-XXX-description\"\n    2: \"Implement fix with test\"\n    3: \"PR with 'hotfix' label → expedited review (1 reviewer)\"\n    4: \"Merge to main AND release branch (if using GitFlow)\"\n    5: \"Tag patch release immediately\"\n    6: \"Deploy to production\"\n    7: \"Cherry-pick to develop (if using GitFlow)\"\n    8: \"Post-incident: add regression test to CI\"\n  sla: \"Fix deployed within 4 hours of identification\"\n\nPhase 6: Monorepo vs Multi-Repo Strategy\nDecision Matrix\nFactor\tMonorepo\tMulti-Repo\nCode sharing\tTrivial (same tree)\tRequires packages/versioning\nRefactoring\tAtomic cross-project changes\tCoordinated multi-repo PRs\nCI complexity\tHigher (affected-only builds)\tSimpler (per-repo pipelines)\nDependency management\tSingle lockfile, consistent\tIndependent, may drift\nTeam autonomy\tLower (shared conventions)\tHigher (own rules)\nOnboarding\tOne clone, full context\tClone what you need\nBuild times\tCan grow large\tNaturally bounded\nAccess control\tCoarser (same repo)\tFine-grained (per-repo)\nWhen to Use Each\n\nMonorepo When:\n\nShared libraries change frequently\nTeams need atomic cross-package changes\nTight integration between services\nStrong shared tooling culture\n<50 active contributors OR excellent tooling\n\nMulti-Repo When:\n\nTeams are autonomous (different stacks, cadences)\nStrong security boundaries needed\nOpen source components mixed with private\n\n100 contributors without monorepo tooling\n\nMicroservices with stable API contracts\nMonorepo Tooling\nTool\tLanguage\tFeatures\tBest For\nTurborepo\tJS/TS\tFast, simple, caching\tJS/TS monorepos\nNx\tAny\tFull-featured, generators\tLarge JS/TS + mixed\nBazel\tAny\tHermetic, scalable\tGoogle-scale, polyglot\nPants\tPython, Go, Java\tIncremental, remote 
cache\tPython-heavy\nRush\tJS/TS\tMicrosoft-backed\tEnterprise JS/TS\nLerna\tJS/TS\tPublishing-focused\tnpm package sets\nMonorepo Structure\n/\n├── apps/\n│   ├── web/              # Next.js frontend\n│   ├── api/              # Express backend\n│   ├── mobile/           # React Native\n│   └── admin/            # Admin dashboard\n├── packages/\n│   ├── ui/               # Shared components\n│   ├── utils/            # Shared utilities\n│   ├── config/           # Shared configs (eslint, tsconfig)\n│   ├── database/         # Prisma/Drizzle schema\n│   └── types/            # Shared TypeScript types\n├── tools/\n│   ├── scripts/          # Build/deploy scripts\n│   └── generators/       # Code generators\n├── .github/\n│   ├── workflows/        # CI/CD\n│   └── CODEOWNERS\n├── turbo.json            # Turborepo config\n├── package.json          # Root workspace\n└── pnpm-workspace.yaml   # Workspace definition\n\nAffected-Only CI for Monorepos\nmonorepo_ci:\n  strategy: \"Only build/test what changed\"\n  detection:\n    - \"git diff --name-only origin/main...HEAD\"\n    - \"Use tool-native affected detection (nx affected, turbo --filter)\"\n  caching:\n    local: \"node_modules/.cache, .turbo\"\n    remote: \"S3/GCS for CI cache sharing\"\n    key: \"hash of lockfile + source files\"\n  rules:\n    - \"Root config change → rebuild everything\"\n    - \"Package change → rebuild package + dependents\"\n    - \"App change → rebuild only that app\"\n    - \"Docs change → skip build, only lint\"\n\nPhase 7: Git Security\nSecrets Prevention\nsecrets_prevention:\n  pre_commit:\n    tool: \"gitleaks / trufflehog / detect-secrets\"\n    config: |\n      # .gitleaks.toml\n      [allowlist]\n      paths = [\"test/fixtures/**\", \"docs/examples/**\"]\n\n      [[rules]]\n      id = \"aws-access-key\"\n      description = \"AWS Access Key\"\n      regex = '''AKIA[0-9A-Z]{16}'''\n      tags = [\"aws\", \"credentials\"]\n\n  ci_scan:\n    tool: \"trufflehog --since-commit 
HEAD~1\"\n    action: \"Block merge on detection\"\n\n  emergency_response:\n    steps:\n      1: \"Revoke the exposed credential IMMEDIATELY\"\n      2: \"git filter-repo to remove from history\"\n      3: \"Force push cleaned history\"\n      4: \"Audit access logs for the exposed credential\"\n      5: \"Rotate all credentials that may have been exposed\"\n      6: \"Add pattern to pre-commit hook\"\n    warning: |\n      Even after removing from history, assume the secret is compromised.\n      Anyone who cloned the repo may have it cached.\n\nCommit Signing\n# GPG signing setup\ngit config --global commit.gpgsign true\ngit config --global user.signingkey YOUR_KEY_ID\ngit config --global tag.gpgsign true\n\n# SSH signing (GitHub, simpler)\ngit config --global gpg.format ssh\ngit config --global user.signingkey ~/.ssh/id_ed25519.pub\ngit config --global commit.gpgsign true\n\n# Verify signed commits\ngit log --show-signature\n\n.gitignore Best Practices\ngitignore_checklist:\n  always_ignore:\n    - \"node_modules/ / venv/ / __pycache__/\"\n    - \".env / .env.local / .env.*.local\"\n    - \"*.key / *.pem / *.p12\"\n    - \".DS_Store / Thumbs.db\"\n    - \"*.log / logs/\"\n    - \"dist/ / build/ / out/\"\n    - \"coverage/ / .nyc_output/\"\n    - \".idea/ / .vscode/ (except shared settings)\"\n    - \"*.sqlite / *.db (unless intentional)\"\n  never_ignore:\n    - \".gitignore itself\"\n    - \"lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml)\"\n    - \".env.example (template without secrets)\"\n    - \"docker-compose.yml\"\n    - \"Makefile / Taskfile\"\n  template: \"Use github.com/github/gitignore as base\"\n\nPhase 8: Git Workflows for Common Scenarios\nFeature Development (GitHub Flow)\nfeature_workflow:\n  steps:\n    1_branch: \"git checkout -b feat/PROJ-123-description main\"\n    2_develop:\n      - \"Make atomic commits following conventional commits\"\n      - \"Push regularly (at least daily)\"\n      - \"Keep rebased on main: git rebase 
main\"\n    3_pr:\n      - \"Open PR early as draft for visibility\"\n      - \"Convert to ready when tests pass\"\n      - \"Request reviewers via CODEOWNERS\"\n    4_review:\n      - \"Address feedback in new commits (don't force-push during review)\"\n      - \"Re-request review after changes\"\n    5_merge:\n      - \"Squash merge for clean history\"\n      - \"Delete branch after merge (automated)\"\n    6_deploy:\n      - \"CI/CD deploys from main automatically\"\n\nTrunk-Based Development\ntrunk_based:\n  rules:\n    - \"All developers commit to main (or short-lived branches <1 day)\"\n    - \"Feature flags gate incomplete features\"\n    - \"No long-lived branches (ever)\"\n    - \"Broken main = stop everything, fix immediately\"\n    - \"Pair programming reduces need for PR reviews\"\n  short_lived_branches:\n    max_lifetime: \"1 day\"\n    merge_strategy: \"squash\"\n    review: \"Optional for small changes, required for >50 LOC\"\n  prerequisites:\n    - \"Comprehensive CI pipeline (<10 min)\"\n    - \"Feature flag infrastructure\"\n    - \"High test coverage (>80%)\"\n    - \"Trunk-based CI (main always deployable)\"\n    - \"Strong automated testing culture\"\n\nDatabase Migration Workflow\nmigration_workflow:\n  rules:\n    - \"One migration per PR (never batch)\"\n    - \"Migrations are forward-only (no down migrations in production)\"\n    - \"Every migration must be backward compatible\"\n    - \"Test migration against production data clone\"\n  backward_compatible_patterns:\n    add_column: \"Add with default value, make nullable initially\"\n    rename_column: \"Add new → migrate data → update code → drop old (3 PRs)\"\n    remove_column: \"Stop reading → stop writing → drop (2 PRs)\"\n    add_index: \"CREATE INDEX CONCURRENTLY\"\n    change_type: \"Add new column → migrate → swap → drop old\"\n  review:\n    required_reviewers: [\"dba\", \"senior-backend\"]\n    extra_checks:\n      - \"Migration runs in <30 seconds\"\n      - \"No table locks 
on large tables\"\n      - \"Rollback tested\"\n\nDependency Update Workflow\ndependency_updates:\n  automation:\n    tool: \"Dependabot / Renovate\"\n    config:\n      schedule: \"weekly\"\n      group_by: \"update-type\"\n      automerge:\n        - \"patch updates (tests pass)\"\n        - \"minor updates (for low-risk deps)\"\n      manual_review:\n        - \"major updates\"\n        - \"security-sensitive packages\"\n\n  renovate_config:\n    # renovate.json\n    extends: [\"config:recommended\"]\n    schedule: [\"before 9am on Monday\"]\n    automerge: true\n    automergeType: \"pr\"\n    packageRules:\n      - matchUpdateTypes: [\"patch\"]\n        automerge: true\n      - matchUpdateTypes: [\"major\"]\n        automerge: false\n        reviewers: [\"team/leads\"]\n      - matchPackagePatterns: [\"eslint\", \"prettier\", \"typescript\"]\n        groupName: \"dev tooling\"\n\nPhase 9: Git Performance & Large Repos\nPerformance Optimization\nProblem\tSolution\tImpact\nSlow clone\tgit clone --depth 1 (shallow)\t10-100x faster\nLarge repo\tgit sparse-checkout\tClone only needed dirs\nSlow fetch\tgit fetch --prune --tags\tRemove stale refs\nLarge files\tGit LFS\tKeep repo size manageable\nSlow status\tgit config core.fsmonitor true\t2-5x faster on large repos\nSlow diff\tgit config diff.algorithm histogram\tBetter diff quality\nMany branches\tAuto-delete merged branches\tKeep ref count low\nGit LFS Setup\ngit_lfs:\n  when_to_use:\n    - \"Binary files >1MB (images, videos, models)\"\n    - \"Generated files that change frequently\"\n    - \"Design assets (PSD, Sketch, Figma exports)\"\n  never_lfs:\n    - \"Source code\"\n    - \"Configuration files\"\n    - \"Small images (<100KB)\"\n  setup: |\n    git lfs install\n    git lfs track \"*.psd\"\n    git lfs track \"*.zip\"\n    git lfs track \"models/**\"\n    git add .gitattributes\n  cost_warning: |\n    GitHub LFS: 1GB free, then $5/50GB/month\n    Consider alternatives for very large assets:\n    - S3/GCS 
with download scripts\n    - DVC (Data Version Control) for ML\n    - Git Annex for large media\n\nSparse Checkout for Monorepos\n# Clone only what you need\ngit clone --filter=blob:none --sparse https://github.com/org/monorepo.git\ncd monorepo\ngit sparse-checkout init --cone\ngit sparse-checkout set apps/my-app packages/shared\n\n# Add more directories later\ngit sparse-checkout add packages/another-lib\n\nPhase 10: Git Troubleshooting & Recovery\nCommon Issues & Fixes\nProblem\tCommand\tNotes\nUndo last commit (keep changes)\tgit reset --soft HEAD~1\tStaged, ready to recommit\nUndo last commit (discard)\tgit reset --hard HEAD~1\t⚠️ Destructive\nFind lost commit\tgit reflog\tReflog keeps 90 days\nRecover deleted branch\tgit reflog → git checkout -b branch <sha>\tFind the SHA in reflog\nRemove file from all history\tgit filter-repo --path file --invert-paths\tRequires force push\nFix wrong branch\tgit stash → git checkout correct → git stash pop\t\nResolve merge conflict\tgit mergetool or manual edit\tAccept theirs: git checkout --theirs file\nBisect to find bug\tgit bisect start → git bisect bad → git bisect good <sha>\tBinary search\nSquash last N commits\tgit rebase -i HEAD~N\tMark as squash/fixup\nAmend last commit message\tgit commit --amend\tOnly if not pushed\nEmergency Procedures\nemergency_procedures:\n  secrets_in_repo:\n    severity: \"CRITICAL\"\n    steps:\n      1: \"Revoke credential IMMEDIATELY (don't wait for history clean)\"\n      2: \"Remove with git filter-repo\"\n      3: \"Force push all branches\"\n      4: \"Contact GitHub support to clear caches\"\n      5: \"Audit credential usage\"\n      6: \"Add to pre-commit hooks\"\n\n  broken_main:\n    severity: \"HIGH\"\n    steps:\n      1: \"Revert the breaking commit: git revert <sha>\"\n      2: \"Push revert immediately\"\n      3: \"Investigate in separate branch\"\n      4: \"Fix forward (don't revert the revert)\"\n\n  accidental_force_push:\n    severity: \"HIGH\"\n    steps:\n      1: 
\"Check reflog for the previous HEAD\"\n      2: \"Reset to previous state\"\n      3: \"Force push the recovery\"\n      4: \"Notify team to re-pull\"\n      5: \"Add branch protection to prevent recurrence\"\n\n  repo_too_large:\n    severity: \"MEDIUM\"\n    steps:\n      1: \"Identify large files: git rev-list --objects --all | git cat-file --batch-check='%(objecttype) %(objectname) %(objectsize) %(rest)'\"\n      2: \"Move large files to LFS: git lfs migrate import --include='*.zip'\"\n      3: \"Or remove with filter-repo\"\n      4: \"Force push cleaned history\"\n      5: \"Team re-clones\"\n\nPhase 11: Advanced Patterns\nGit Hooks Architecture\ngit_hooks:\n  tool: \"husky (JS) / pre-commit (Python) / lefthook (any)\"\n  recommended_hooks:\n    pre_commit:\n      - lint-staged (format only changed files)\n      - commitlint (conventional commit check)\n      - gitleaks (secrets scan)\n    commit_msg:\n      - commitlint --edit $1\n    pre_push:\n      - type-check\n      - unit tests (fast subset)\n    prepare_commit_msg:\n      - Add branch ticket number to commit\n\n  lefthook_config: |\n    # lefthook.yml\n    pre-commit:\n      parallel: true\n      commands:\n        lint:\n          glob: \"*.{ts,tsx,js,jsx}\"\n          run: npx eslint {staged_files}\n        format:\n          glob: \"*.{ts,tsx,js,jsx,json,md}\"\n          run: npx prettier --check {staged_files}\n        secrets:\n          run: gitleaks protect --staged\n\n    commit-msg:\n      commands:\n        lint-commit:\n          run: npx commitlint --edit {1}\n\nWorktrees for Parallel Development\n# Work on hotfix while feature branch is open\ngit worktree add ../hotfix-workspace hotfix/PROJ-789\ncd ../hotfix-workspace\n# Fix, commit, push — without touching main workspace\ngit worktree remove ../hotfix-workspace\n\n# Use cases:\n# - Reviewing PR while working on feature\n# - Running tests on one branch while coding on another\n# - Comparing behavior between branches\n\nGit Subtree for Shared Libraries\n# Add shared library\ngit subtree 
add --prefix=libs/shared https://github.com/org/shared.git main --squash\n\n# Pull updates\ngit subtree pull --prefix=libs/shared https://github.com/org/shared.git main --squash\n\n# Push changes back\ngit subtree push --prefix=libs/shared https://github.com/org/shared.git feature-branch\n\n# When to use subtree vs submodule:\n# Subtree: simpler, code lives in your repo, no extra clone steps\n# Submodule: pointer to external repo, separate versioning, requires init\n\nChangelog Generation\nchangelog_tools:\n  conventional_changelog:\n    command: \"npx conventional-changelog -p angular -i CHANGELOG.md -s\"\n    output: \"Groups by feat/fix/perf with commit links\"\n\n  git_cliff:\n    command: \"git cliff --output CHANGELOG.md\"\n    config: |\n      # cliff.toml\n      [changelog]\n      header = \"# Changelog\\n\"\n      body = \"\"\"\n      ## [{{ version }}] - {{ timestamp | date(format=\"%Y-%m-%d\") }}\n      {% for group, commits in commits | group_by(attribute=\"group\") %}\n      ### {{ group }}\n      {% for commit in commits %}\n      - {{ commit.message }} ([{{ commit.id | truncate(length=7) }}]({{ commit.id }}))\n      {% endfor %}\n      {% endfor %}\n      \"\"\"\n      trim = true\n\n  release_please:\n    approach: \"Creates PR with changelog + version bump\"\n    config: |\n      {\n        \"release-type\": \"node\",\n        \"packages\": { \".\": {} }\n      }\n\nPhase 12: Metrics & Health Dashboard\nWeekly Repository Health Dashboard\nrepo_health_dashboard:\n  date: \"YYYY-MM-DD\"\n  \n  velocity:\n    prs_merged_this_week: 0\n    avg_pr_size_lines: 0\n    avg_time_to_first_review_hours: 0\n    avg_time_to_merge_hours: 0\n    \n  quality:\n    prs_requiring_rework: 0\n    review_comments_per_pr: 0\n    ci_pass_rate_percent: 0\n    reverts_this_week: 0\n    \n  hygiene:\n    stale_branches_count: 0\n    open_prs_older_than_7_days: 0\n    unsigned_commits_percent: 0\n    ci_pipeline_duration_p95_minutes: 0\n    \n  security:\n    
secrets_detected_blocked: 0\n    dependency_vulnerabilities_open: 0\n    \n  scoring:\n    dimensions:\n      velocity: { weight: 20, score: 0 }\n      quality: { weight: 25, score: 0 }\n      hygiene: { weight: 20, score: 0 }\n      security: { weight: 20, score: 0 }\n      culture: { weight: 15, score: 0 }\n    total: \"/100\"\n\nBenchmarks\nMetric\tGood\tGreat\tWorld-Class\nPR review time\t<24h\t<4h\t<2h\nPR merge time\t<48h\t<24h\t<8h\nCI pipeline\t<15 min\t<10 min\t<5 min\nCI pass rate\t>90%\t>95%\t>99%\nBranch lifetime\t<5 days\t<3 days\t<1 day\nStale branches\t<20\t<10\t0\nCode review coverage\t>80%\t>95%\t100%\nSigned commits\t>50%\t>90%\t100%\n100-Point Quality Rubric\nDimension\tWeight\t0-25\t50\t75\t100\nBranching Strategy\t15%\tNo strategy\tBasic (main + feature)\tDocumented, enforced\tAutomated, measured\nCommit Quality\t10%\tRandom messages\tMostly conventional\tEnforced conventional + signing\tAutomated changelog from commits\nCode Review\t20%\tOptional/rubber stamp\tRequired, basic\tSLAs, taxonomy, CODEOWNERS\tData-driven, continuous improvement\nCI/CD Integration\t15%\tManual checks\tBasic pipeline\tBranch protection + all checks\t<10 min, affected-only, cached\nRelease Management\t10%\tManual\tSemVer, manual tagging\tAutomated versioning\tFull automation + changelog + notify\nSecurity\t15%\tNo controls\t.gitignore, basic\tPre-commit secrets scan + signing\tFull security pipeline + audit\nRepository Hygiene\t10%\tStale branches, large repo\tPeriodic cleanup\tAutomated cleanup, LFS\tMonitored dashboard, zero debt\nDocumentation\t5%\tNone\tREADME + PR template\tContributing guide + ADRs\tFull developer onboarding docs\n\nScore: 0-40 = Crisis | 41-60 = Developing | 61-80 = Good | 81-100 = Excellent\n\n10 Git Engineering Mistakes\n#\tMistake\tFix\n1\tCommitting secrets\tPre-commit hooks (gitleaks) + CI scan\n2\tLong-lived branches\tMax 5-day policy, split large features\n3\tMerge commits everywhere\tSquash merge or rebase, linear history\n4\tNo branch 
protection\tEnforce reviews + status checks\n5\tGiant PRs (>500 lines)\tSplit by concern, stacked PRs\n6\tForce pushing shared branches\tNever force push main/develop\n7\tNo CI before merge\tBlock merge without passing checks\n8\tManual releases\tAutomate with semantic-release/release-please\n9\tIgnoring git history\tConventional commits, meaningful messages\n10\tNo CODEOWNERS\tDefine ownership for review routing\nEdge Cases\nStartup / Solo Developer\nStart with GitHub Flow (simplest)\nUse conventional commits from day 1\nSet up pre-commit hooks immediately\nBranch protection even on solo repos (prevents accidents)\nLarge Enterprise (>100 devs)\nTrunk-Based Development with feature flags\nMonorepo with Bazel/Nx + remote caching\nCODEOWNERS for every directory\nAutomated everything (lint, test, release, changelog)\nOpen Source Project\nRequire signed commits from maintainers\nFork-based workflow for external contributors\nDCO (Developer Certificate of Origin) or CLA\nProtected main + develop branches\nIssue templates + PR templates mandatory\nMigration from SVN/Perforce\nUse git svn or git p4 for initial migration\nPreserve history where possible\nRetrain team on branching (it's cheap in git!)\nStart with GitHub Flow, graduate to trunk-based\nRegulated Industry (SOX/HIPAA/PCI)\nSigned commits mandatory\nPR approval from compliance-aware reviewer\nAudit trail: never squash (keep individual commits)\nBranch protection: no admin override\nTag every production release\nNatural Language Commands\nCommand\tAction\n\"Set up git for our project\"\tAssess team, recommend branching strategy + full config\n\"Review our branching strategy\"\tAnalyze current approach, suggest improvements\n\"Create PR template\"\tGenerate PR template with checklist\n\"Set up branch protection\"\tGenerate protection rules config\n\"Help with monorepo setup\"\tTool selection + structure + CI config\n\"Fix git problem\"\tDiagnose from troubleshooting guide\n\"Set up automated releases\"\tTool 
selection + pipeline config\n\"Audit repository security\"\tRun through security checklist\n\"Optimize CI pipeline\"\tAnalyze and recommend speedups\n\"Set up commit conventions\"\tConfigure commitlint + hooks + template\n\"Create CODEOWNERS\"\tGenerate ownership file from project structure\n\"Help with git recovery\"\tGuide through emergency procedures"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/1kalin/afrexai-git-engineering",
    "publisherUrl": "https://clawhub.ai/1kalin/afrexai-git-engineering",
    "owner": "1kalin",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/afrexai-git-engineering",
    "downloadUrl": "https://openagent3.xyz/downloads/afrexai-git-engineering",
    "agentUrl": "https://openagent3.xyz/skills/afrexai-git-engineering/agent",
    "manifestUrl": "https://openagent3.xyz/skills/afrexai-git-engineering/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/afrexai-git-engineering/agent.md"
  }
}