--- name: mcaf-source-control description: "Set or refine source-control policy for repository structure, branch naming, merge strategy, commit hygiene, and secrets-in-git discipline. Use when bootstrapping a repo, tightening PR flow, or documenting branch and release policy." compatibility: "Requires repository access; may update contribution docs, AGENTS rules, or repository policy files." --- # MCAF: Source Control ## Trigger On - bootstrapping source-control policy - tightening branch, merge, or PR rules - documenting commit or release hygiene - dealing with secrets-in-git or repository structure issues ## Value - produce a concrete project delta: code, docs, config, tests, CI, or review artifact - reduce ambiguity through explicit planning, verification, and final validation skills - leave reusable project context so future tasks are faster and safer ## Do Not Use For - CI/CD workflow design with no source-control policy change - one-off git commands that do not alter repo policy ## Inputs - current branching and merge flow - release strategy and versioning expectations - secret-handling and repository-structure constraints ## Quick Start 1. Read the nearest `AGENTS.md` and confirm scope and constraints. 2. Run this skill's `Workflow` through the `Ralph Loop` until outcomes are acceptable. 3. Return the `Required Result Format` with concrete artifacts and verification evidence. ## Workflow 1. Agree on merge and release strategy before scaling implementation. 2. Keep branch and PR rules explicit in-repo. 3. Treat secrets in git history as a critical incident, not cleanup noise. 4. Use concrete policy language, not hand-waving. ## Deliver - clear branch and merge strategy - updated contribution or governance docs - safer repository hygiene around commits, PRs, and secrets ## Validate - naming and merge rules are explicit - release/versioning implications are documented where needed - secret hygiene is treated as policy, not tribal knowledge ## Ralph Loop Use the Ralph Loop for every task, including docs, architecture, testing, and tooling work. 1. Plan first (mandatory): - analyze current state - define target outcome, constraints, and risks - write a detailed execution plan - list final validation skills to run at the end, with order and reason 2. Execute one planned step and produce a concrete delta. 3. Review the result and capture findings with actionable next fixes. 4. Apply fixes in small batches and rerun the relevant checks or review steps. 5. Update the plan after each iteration. 6. Repeat until outcomes are acceptable or only explicit exceptions remain. 7. If a dependency is missing, bootstrap it or return `status: not_applicable` with explicit reason and fallback path. ### Required Result Format - `status`: `complete` | `clean` | `improved` | `configured` | `not_applicable` | `blocked` - `plan`: concise plan and current iteration step - `actions_taken`: concrete changes made - `validation_skills`: final skills run, or skipped with reasons - `verification`: commands, checks, or review evidence summary - `remaining`: top unresolved items or `none` For setup-only requests with no execution, return `status: configured` and exact next commands. ## Load References - read `references/source-control.md` first - open `references/naming-branches.md` only when the task is specifically about branch naming ## Example Requests - "Define branch naming and merge rules for this repo." - "Document how releases and component versions should work." - "Tighten our source-control policy after a secrets leak."