Commit and Push

A safe commit-and-push workflow that screens for secrets and sensitive files before staging, detects submodules for targeted commits, and handles the full commit-push cycle including push failure recovery.

Workflow

Phase 1: Security Screening

The security screen runs before any staging. It surfaces files and content that pose risks if committed.

Detection targets:

• Secrets and credentials (API keys, tokens, passwords, private keys)
• Environment and configuration files with sensitive values (.env, .env.*, credentials files)
• Certificate and key files (.pem, .key, .p12, .pfx, .jks)
• Cloud provider credential files (AWS, GCP, Azure configs)
• Database connection strings and dump files
• Large binaries and build artifacts