chore: strengthen commit signing pre-flight in /commit skill #3

Merged
claudiomaradonna merged 1 commit from chore/signing-pre-flight into main 2026-05-02 17:02:58 +02:00

The /commit skill could end up at a `git commit` invocation with signing enabled and an unusable key — the failure surfaces only after the message is composed, which is exactly when the temptation to silently `-c commit.gpgsign=false` past it is highest. Promote the existing SSH-key-recovery block to a real signing pre-flight that runs before staging, generalize it beyond ssh (covering `gpg.format=openpgp` and `x509`), keep the ssh-agent recovery path intact, and — when recovery is not possible — stop and ask the user explicitly with three options: stop, fix, or authorize `-c commit.gpgsign=false` for this single commit only (never persisted). Add a matching entry under Safety rules and a one-line note in the README pre-flight description. Version bumped to 0.6.0.

Merge: rebase.

Make /commit verify that the configured signing key is usable *before*
staging, instead of letting the commit fail late and tempting a silent
`-c commit.gpgsign=false` shortcut. The pre-flight now covers all
gpg.format values (ssh, openpgp, x509), keeps the existing ssh-agent
recovery path, and — crucially — when recovery isn't possible it stops
and asks the user explicitly, surfacing what is configured, why it
cannot be used, and three options (stop / fix / authorize unsigned for
this single commit only). Add a matching safety rule and README note.
Reference
claudiomaradonna/claude-plugin-conventional-commit!3
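
The pre-flight described in this pull request, as an added shell example that is not the plugin's own code: it checks, before staging, that the configured key is present for each `gpg.format` value. The function names and status words are assumptions; it requires an explicit `user.signingkey` and checks key presence only, not that a signature would succeed.

```shell
# Added example, not the plugin's code. cfg() is a hypothetical helper.
cfg() { git config --get "$1" 2>/dev/null; }

# gpg.format=ssh: $1 is user.signingkey, a "key::<public key>" literal or
# a path. A public key must be loaded in ssh-agent to be usable.
ssh_key_usable() {
    case "$1" in
        key::*) pub=${1#key::} ;;
        *.pub)  pub=$(cat "$1" 2>/dev/null) || return 1 ;;
        *)      if [ -r "$1" ]; then return 0; else return 1; fi ;;
    esac
    blob=$(printf '%s\n' "$pub" | awk '{print $2; exit}')
    [ -n "$blob" ] || return 1
    ssh-add -L 2>/dev/null | grep -qF -- "$blob"
}

# Run before staging. Prints "<status> <format>" and returns 0 only when
# the commit can proceed with the configured signing setup.
signing_preflight() {
    case "$(cfg commit.gpgsign)" in
        true|yes|on|1) ;;
        *) echo "not-required -"; return 0 ;;
    esac
    fmt=$(cfg gpg.format) || fmt=""
    fmt=${fmt:-openpgp}                     # git's default format
    key=$(cfg user.signingkey) || key=""
    # Simplification: git itself can fall back to the committer identity
    # (openpgp) or gpg.ssh.defaultKeyCommand (ssh) when no key is set.
    if [ -z "$key" ]; then echo "no-key $fmt"; return 1; fi
    case "$fmt" in
        openpgp) prog=$(cfg gpg.program) || prog=""; prog=${prog:-gpg} ;;
        x509)    prog=$(cfg gpg.x509.program) || prog=""; prog=${prog:-gpgsm} ;;
        ssh)     if ssh_key_usable "$key"; then echo "usable ssh"; return 0; fi
                 echo "unusable ssh"; return 1 ;;
        *)       echo "unknown-format $fmt"; return 1 ;;
    esac
    if "$prog" --batch --list-secret-keys "$key" >/dev/null 2>&1; then
        echo "usable $fmt"; return 0
    fi
    echo "unusable $fmt"; return 1
}

# Map the user's explicit answer to git arguments for this one commit.
# Nothing is written to a config file, so the override is not persisted.
commit_override() {
    case "$1" in
        authorize-unsigned) echo "-c commit.gpgsign=false" ;;
        *) return 1 ;;                      # stop / fix: do not commit now
    esac
}
```

Call `signing_preflight` before `git add`; on a non-zero return, show the status line to the user and pass the output of `commit_override` to `git` only if they explicitly authorize an unsigned commit.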