Git Workflow And Versioning

1---2name: git-workflow-and-versioning3description: Structures git workflow practices. Use when making any code change. Use when committing, branching, resolving conflicts, or when you need to organize work across multiple parallel streams.4---5 6# Git Workflow and Versioning7 8## Overview9 10Git is your safety net. Treat commits as save points, branches as sandboxes, and history as documentation. With AI agents generating code at high speed, disciplined version control is the mechanism that keeps changes manageable, reviewable, and reversible.11 12## When to Use13 14Always. Every code change flows through git.15 16## Core Principles17 18### Trunk-Based Development (Recommended)19 20Keep `main` always deployable. Work in short-lived feature branches that merge back within 1-3 days. Long-lived development branches are hidden costs — they diverge, create merge conflicts, and delay integration. DORA research consistently shows trunk-based development correlates with high-performing engineering teams.21 22```23main ──●──●──●──●──●──●──●──●──●──  (always deployable)24        ╲      ╱  ╲    ╱25         ●──●─╱    ●──╱    ← short-lived feature branches (1-3 days)26```27 28This is the recommended default. Teams using gitflow or long-lived branches can adapt the principles (atomic commits, small changes, descriptive messages) to their branching model — the commit discipline matters more than the specific branching strategy.29 30- **Dev branches are costs.** Every day a branch lives, it accumulates merge risk.31- **Release branches are acceptable.** When you need to stabilize a release while main moves forward.32- **Feature flags > long branches.** Prefer deploying incomplete work behind flags rather than keeping it on a branch for weeks.33 34### 1. Commit Early, Commit Often35 36Each successful increment gets its own commit. Don't accumulate large uncommitted changes.37 38```39Work pattern:40  Implement slice → Test → Verify → Commit → Next slice41 42Not this:43  Implement everything → Hope it works → Giant commit44```45 46Commits are save points. If the next change breaks something, you can revert to the last known-good state instantly.47 48### 2. Atomic Commits49 50Each commit does one logical thing:51 52```53# Good: Each commit is self-contained54git log --oneline55a1b2c3d Add task creation endpoint with validation56d4e5f6g Add task creation form component57h7i8j9k Connect form to API and add loading state58m1n2o3p Add task creation tests (unit + integration)59 60# Bad: Everything mixed together61git log --oneline62x1y2z3a Add task feature, fix sidebar, update deps, refactor utils63```64 65### 3. Descriptive Messages66 67Commit messages explain the *why*, not just the *what*:68 69```70# Good: Explains intent71feat: add email validation to registration endpoint72 73Prevents invalid email formats from reaching the database.74Uses Zod schema validation at the route handler level,75consistent with existing validation patterns in auth.ts.76 77# Bad: Describes what's obvious from the diff78update auth.ts79```80 81**Format:**82```83<type>: <short description>84 85<optional body explaining why, not what>86```87 88**Types:**89- `feat` — New feature90- `fix` — Bug fix91- `refactor` — Code change that neither fixes a bug nor adds a feature92- `test` — Adding or updating tests93- `docs` — Documentation only94- `chore` — Tooling, dependencies, config95 96### 4. Keep Concerns Separate97 98Don't combine formatting changes with behavior changes. Don't combine refactors with features. Each type of change should be a separate commit — and ideally a separate PR:99 100```101# Good: Separate concerns102git commit -m "refactor: extract validation logic to shared utility"103git commit -m "feat: add phone number validation to registration"104 105# Bad: Mixed concerns106git commit -m "refactor validation and add phone number field"107```108 109**Separate refactoring from feature work.** A refactoring change and a feature change are two different changes — submit them separately. This makes each change easier to review, revert, and understand in history. Small cleanups (renaming a variable) can be included in a feature commit at reviewer discretion.110 111### 5. Size Your Changes112 113Target ~100 lines per commit/PR. Changes over ~1000 lines should be split. See the splitting strategies in `code-review-and-quality` for how to break down large changes.114 115```116~100 lines  → Easy to review, easy to revert117~300 lines  → Acceptable for a single logical change118~1000 lines → Split into smaller changes119```120 121## Branching Strategy122 123### Feature Branches124 125```126main (always deployable)127  │128  ├── feature/task-creation    ← One feature per branch129  ├── feature/user-settings    ← Parallel work130  └── fix/duplicate-tasks      ← Bug fixes131```132 133- Branch from `main` (or the team's default branch)134- Keep branches short-lived (merge within 1-3 days) — long-lived branches are hidden costs135- Delete branches after merge136- Prefer feature flags over long-lived branches for incomplete features137 138### Branch Naming139 140```141feature/<short-description>   → feature/task-creation142fix/<short-description>       → fix/duplicate-tasks143chore/<short-description>     → chore/update-deps144refactor/<short-description>  → refactor/auth-module145```146 147## Working with Worktrees148 149For parallel AI agent work, use git worktrees to run multiple branches simultaneously:150 151```bash152# Create a worktree for a feature branch153git worktree add ../project-feature-a feature/task-creation154git worktree add ../project-feature-b feature/user-settings155 156# Each worktree is a separate directory with its own branch157# Agents can work in parallel without interfering158ls ../159  project/              ← main branch160  project-feature-a/    ← task-creation branch161  project-feature-b/    ← user-settings branch162 163# When done, merge and clean up164git worktree remove ../project-feature-a165```166 167Benefits:168- Multiple agents can work on different features simultaneously169- No branch switching needed (each directory has its own branch)170- If one experiment fails, delete the worktree — nothing is lost171- Changes are isolated until explicitly merged172 173## The Save Point Pattern174 175```176Agent starts work177    │178    ├── Makes a change179    │   ├── Test passes? → Commit → Continue180    │   └── Test fails? → Revert to last commit → Investigate181    │182    ├── Makes another change183    │   ├── Test passes? → Commit → Continue184    │   └── Test fails? → Revert to last commit → Investigate185    │186    └── Feature complete → All commits form a clean history187```188 189This pattern means you never lose more than one increment of work. If an agent goes off the rails, `git reset --hard HEAD` takes you back to the last successful state.190 191## Change Summaries192 193After any modification, provide a structured summary. This makes review easier, documents scope discipline, and surfaces unintended changes:194 195```196CHANGES MADE:197- src/routes/tasks.ts: Added validation middleware to POST endpoint198- src/lib/validation.ts: Added TaskCreateSchema using Zod199 200THINGS I DIDN'T TOUCH (intentionally):201- src/routes/auth.ts: Has similar validation gap but out of scope202- src/middleware/error.ts: Error format could be improved (separate task)203 204POTENTIAL CONCERNS:205- The Zod schema is strict — rejects extra fields. Confirm this is desired.206- Added zod as a dependency (72KB gzipped) — already in package.json207```208 209This pattern catches wrong assumptions early and gives reviewers a clear map of the change. The "DIDN'T TOUCH" section is especially important — it shows you exercised scope discipline and didn't go on an unsolicited renovation.210 211## Pre-Commit Hygiene212 213Before every commit:214 215```bash216# 1. Check what you're about to commit217git diff --staged218 219# 2. Ensure no secrets220git diff --staged | grep -i "password\|secret\|api_key\|token"221 222# 3. Run tests223npm test224 225# 4. Run linting226npm run lint227 228# 5. Run type checking229npx tsc --noEmit230```231 232Automate this with git hooks:233 234```json235// package.json (using lint-staged + husky)236{237  "lint-staged": {238    "*.{ts,tsx}": ["eslint --fix", "prettier --write"],239    "*.{json,md}": ["prettier --write"]240  }241}242```243 244## Handling Generated Files245 246- **Commit generated files** only if the project expects them (e.g., `package-lock.json`, Prisma migrations)247- **Don't commit** build output (`dist/`, `.next/`), environment files (`.env`), or IDE config (`.vscode/settings.json` unless shared)248- **Have a `.gitignore`** that covers: `node_modules/`, `dist/`, `.env`, `.env.local`, `*.pem`249 250## Using Git for Debugging251 252```bash253# Find which commit introduced a bug254git bisect start255git bisect bad HEAD256git bisect good <known-good-commit>257# Git checkouts midpoints; run your test at each to narrow down258 259# View what changed recently260git log --oneline -20261git diff HEAD~5..HEAD -- src/262 263# Find who last changed a specific line264git blame src/services/task.ts265 266# Search commit messages for a keyword267git log --grep="validation" --oneline268```269 270## Common Rationalizations271 272| Rationalization | Reality |273|---|---|274| "I'll commit when the feature is done" | One giant commit is impossible to review, debug, or revert. Commit each slice. |275| "The message doesn't matter" | Messages are documentation. Future you (and future agents) will need to understand what changed and why. |276| "I'll squash it all later" | Squashing destroys the development narrative. Prefer clean incremental commits from the start. |277| "Branches add overhead" | Short-lived branches are free and prevent conflicting work from colliding. Long-lived branches are the problem — merge within 1-3 days. |278| "I'll split this change later" | Large changes are harder to review, riskier to deploy, and harder to revert. Split before submitting, not after. |279| "I don't need a .gitignore" | Until `.env` with production secrets gets committed. Set it up immediately. |280 281## Red Flags282 283- Large uncommitted changes accumulating284- Commit messages like "fix", "update", "misc"285- Formatting changes mixed with behavior changes286- No `.gitignore` in the project287- Committing `node_modules/`, `.env`, or build artifacts288- Long-lived branches that diverge significantly from main289- Force-pushing to shared branches290 291## Verification292 293For every commit:294 295- [ ] Commit does one logical thing296- [ ] Message explains the why, follows type conventions297- [ ] Tests pass before committing298- [ ] No secrets in the diff299- [ ] No formatting-only changes mixed with behavior changes300- [ ] `.gitignore` covers standard exclusions