opencode/command/git-add.md
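Voson 5a05d5ab53 chore: refactor the OpenCode command and skill documentation system
- Added: unified git command docs (add/commit/push/pull, etc.)
- Added: consolidated Gitea skill docs (API, runners, workflows, etc.)
- Added: workflow templates (Android, Go, Node.js, etc.)
- Removed: deprecated old command scripts and release scripts
- Improved: .gitignore adds protection rules for sensitive files
- Improved: AGENTS.md has more complete development conventions and examples

This reorganization unifies the documentation structure for commands and skills, making later maintenance and extension easier.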
2026-01-13 00:27:21 +08:00

---
description: Stage changes with automatic filtering of sensitive files
---
# git-add
Intelligently stage changes while automatically filtering security-sensitive files.
## What It Does
- Detects all unstaged changes
- Automatically excludes common sensitive files (credentials, secrets, etc.)
- Previews files that will be staged
- Asks for confirmation before staging
- Shows excluded sensitive files for awareness
## Quick Start
Use this command when you want to safely stage changes without accidentally committing sensitive information.
## Sensitive Files Filtered
**Always excluded:**
- `.env*` - Environment files
- `*.key`, `*.pem`, `*.p8` - Private keys
- `.aws/*`, `.gcloud/*` - Cloud credentials
- `.ssh/*` - SSH keys
- `credentials.json`, `secrets.json` - Credential files
- `package-lock.json`, `yarn.lock` (optional, can override)
- `node_modules/`, `vendor/`, `.venv/` - Dependencies
- `dist/`, `build/`, `.next/` - Build artifacts
- `.DS_Store`, `Thumbs.db` - System files
**Custom exclusions:**
- Can be specified in project `.gitignore` or `.secretsignore`
## Steps
### 1. Detect All Unstaged Changes
```bash
git status --porcelain
git diff --name-only
```
Categories:
- Modified files (M)
- Deleted files (D)
- Untracked files (??) - **Important: show these on the first run and offer options for them**
### 2. Filter Sensitive Files
Build exclusion list:
- Read `.gitignore` for patterns
- Read `.secretsignore` if exists (project-specific rules)
- Apply built-in security patterns
- Check for `.env*`, `*.key`, `credentials.json`, etc.
Separate files into:
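- **Modified/Deleted files (tracked)**: tracked modifications and deletions
- **Untracked files (safe)**: new files that are untracked but safe
- **Sensitive files**: sensitive files (staging them requires `force`)
**Key logic:**
- Default option (y): stage only tracked modifications/deletions
- all/u option: stage all safe files (including untracked)
- force option: stage all files (including sensitive)
- Show every option at once, so the command never has to be run a second time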
### 3. Display Preview
Show clear summary in format:
```
=== 将要暂存的文件 (3) ===
M src/index.js
M src/utils.js
D old-file.js
=== 未跟踪的文件 (2) ===
?? new-feature.js
?? tests/new-test.js
=== 敏感文件已过滤 (2) ===
⚠ .env.local (Environment file)
⚠ config/secrets.json (Credential file)
=== 操作选项 ===
- 输入 "y" 或 "yes" 暂存已修改/已删除的文件(不包括未跟踪文件)
- 输入 "all" 暂存所有文件(包括未跟踪文件,但排除敏感文件)
- 输入 "with-untracked" 或 "u" 暂存所有文件(包括未跟踪文件)
- 输入 "force" 强制暂存所有文件(包括敏感文件,谨慎使用)
- 输入 "no" 或 "cancel" 取消操作
- 输入文件路径 暂存特定文件
```
### 4. User Confirmation
Prompt user:
```
是否确认暂存上述文件? (y/all/u/no)
```
**Options:**
- `y` or `yes`: Stage modified/deleted files only (exclude untracked)
- `all` or `with-untracked` or `u`: Stage all including untracked files (exclude sensitive)
- `force`: Stage everything including sensitive files (show warning)
- `no` or `cancel`: Abort
- File path: Stage only specific file(s)
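**Smart prompts:**
- If there are no untracked files, show only the y/no options
- If there are untracked files, show the y/all/u/no options and highlight "all" or "u" as recommended
- If there are sensitive files, additionally show the force option and warn about the risk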
### 5. Execute Staging
If user confirms:
```bash
# Option 1: Stage modified/deleted only (y)
git add <modified-file-1> <modified-file-2> ...
# Option 2: Stage all including untracked (all/u)
git add <all-safe-files-including-untracked>
# Option 3: Stage everything including sensitive (force)
git add .
```
**Warning for "force" option:**
```
⚠️ 警告:你选择暂存所有文件,包括敏感文件!
请确认这是有意的,避免意外提交凭证或密钥。
已暂存的敏感文件:
- .env.local
- config/secrets.json
输入 "confirm" 继续,或 "cancel" 取消操作
```
**Success message for "all/u" option:**
```
✓ 已暂存所有文件(包括未跟踪文件)
已暂存 5 个文件:
M src/index.js
M src/utils.js
D old-file.js
A new-feature.js
A tests/new-test.js
敏感文件已自动过滤并排除。
```
### 6. Display Result
Show success message in Chinese:
```
✓ 暂存成功
已暂存 3 个文件:
M src/index.js
M src/utils.js
A command/git-add.md
敏感文件已过滤并排除,保护了你的凭证信息。
下一步:
- 运行 /git-commit 生成提交信息并提交
- 运行 /git-status 查看暂存区状态
```
## Safety Features
### Automatic Filters
| Pattern | Why | Can Override |
|---------|-----|--------------|
| `.env*` | Environment variables | No |
| `*.key`, `*.pem` | Private keys | No |
| `credentials.json` | API credentials | No |
| `secrets.json` | Secrets | No |
| `.aws/*`, `.gcloud/*` | Cloud credentials | No |
| `.ssh/*` | SSH keys | No |
| `package-lock.json` | Lock files (optional) | Yes |
### Warnings
- Show count of filtered files
- List filtered file names for transparency
- Warn when using "all" option
- Explain why each sensitive file was excluded
## Use Cases
- Stage changes safely before commit
- Prevent accidental credential leaks
- Review what will be committed before staging
- Follow security best practices
## Related Commands
- `/git-status` - Check file changes before staging
- `/git-commit` - Commit staged files
- `/git-push` - Push commits to remote
## Examples
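### Normal Usage (no untracked files)
```bash
/git-add
# Shows 3 modified files
# Prompt: 是否确认暂存? (y/no)
# Enter "y" to stage all modified files
```
### With Untracked Files
```bash
/git-add
# Shows:
# - 3 modified/deleted files
# - 2 untracked files
# Prompt: 是否确认暂存? (y/all/u/no)
# Enter "y" to stage only the modified files
# Enter "all" or "u" to stage all files (including untracked)
```
### Force-Staging Sensitive Files
```bash
/git-add
# Shows: 2 sensitive files included
# Prompt: 是否确认暂存? (y/all/force/no)
# Enter "force" to force-stage all files
# ⚠️ Shows a second confirmation warning
```
### Staging Specific Files
```bash
/git-add
# Shows the preview
# Enter the file path src/index.js
# Stages only the specified file
```
### Cancelling
```bash
/git-add
# Shows the preview
# Enter "no" or "cancel"
# Operation aborted
```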
## Implementation Guide
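### Key Implementation Points
**1. File classification logic**
```bash
# Get the status of every changed path
git status --porcelain
# Buckets to sort the paths into
tracked_modified=()     # status M
tracked_deleted=()      # status D
untracked_safe=()       # status ?? and not sensitive
untracked_sensitive=()  # status ?? and sensitive
tracked_sensitive=()    # status M/D but matches a sensitive-file rule
```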
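The classification above, worked through as an added example (not part of the original command file): it sorts `git status --porcelain` lines into the five buckets using only the built-in patterns from "Sensitive Files Filtered". The function names `is_sensitive`, `classify` and `sample_porcelain` and the sample lines are constructed for illustration; `.gitignore` and `.secretsignore` handling is left out.

```shell
#!/bin/sh
# Added example: classify `git status --porcelain` (v1) lines into the five
# buckets used above. Function names and sample data are constructed.

# Print the reason and return 0 if the path matches a built-in pattern.
is_sensitive() {
    path=$1
    base=${path##*/}                      # match on the file name at any depth
    case "$base" in
        .env*)                         echo "Environment file"; return 0 ;;
        *.key|*.pem|*.p8)              echo "Private key";      return 0 ;;
        credentials.json|secrets.json) echo "Credential file";  return 0 ;;
    esac
    case "/$path" in                      # match directory components
        */.aws/*|*/.gcloud/*) echo "Cloud credentials"; return 0 ;;
        */.ssh/*)             echo "SSH keys";          return 0 ;;
    esac
    return 1
}

# Read porcelain lines on stdin; write "bucket<TAB>path[<TAB>reason]".
classify() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        status=${line%"${line#??}"}       # first two columns: XY status
        path=${line#???}                  # skip "XY "
        case "$path" in *' -> '*) path=${path##*' -> '} ;; esac  # rename: new path
        if reason=$(is_sensitive "$path"); then
            case "$status" in
                '??') printf 'untracked_sensitive\t%s\t%s\n' "$path" "$reason" ;;
                *)    printf 'tracked_sensitive\t%s\t%s\n' "$path" "$reason" ;;
            esac
        else
            case "$status" in
                '??') printf 'untracked_safe\t%s\n' "$path" ;;
                *D*)  printf 'tracked_deleted\t%s\n' "$path" ;;
                *)    printf 'tracked_modified\t%s\n' "$path" ;;
            esac
        fi
    done
}

# Constructed sample of porcelain output (not from a real repository).
sample_porcelain() {
    printf '%s\n' ' M src/index.js' ' D old-file.js' '?? new-feature.js' \
        '?? .env.local' ' M config/secrets.json' '?? deploy/.ssh/id_ed25519'
}

sample_porcelain | classify
```

Line-based parsing assumes paths without unusual characters; git quotes such paths in porcelain output unless `-z` is used, so a production filter should read the NUL-separated form.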
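**2. Option display logic**
```python
def build_prompt(has_untracked_files, has_sensitive_files):
    """Return the confirmation prompt and the options to offer."""
    if has_untracked_files:
        if has_sensitive_files:
            prompt = "是否确认暂存? (y/all/force/no)"
            options = {
                "y": "仅暂存已跟踪的修改/删除",
                "all/u": "暂存所有安全文件(含未跟踪)",
                "force": "暂存所有文件(含敏感)⚠️",
                "no": "取消操作",
            }
        else:
            prompt = "是否确认暂存? (y/all/no)"
            options = {
                "y": "仅暂存已跟踪的修改/删除",
                "all/u": "暂存所有文件(含未跟踪)✓ 推荐",
                "no": "取消操作",
            }
    else:
        # No untracked files: only the plain confirm/cancel choice is offered
        prompt = "是否确认暂存? (y/no)"
        options = {"y": "仅暂存已跟踪的修改/删除", "no": "取消操作"}
    return prompt, options
```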
**3. Execution logic**
```bash
# `--` keeps file names that start with "-" from being parsed as git options
case "$choice" in
  y|yes)
    git add -- "${tracked_modified[@]}" "${tracked_deleted[@]}"
    ;;
  all|u|with-untracked)
    git add -- "${tracked_modified[@]}" "${tracked_deleted[@]}" "${untracked_safe[@]}"
    ;;
  force)
    # Second confirmation before sensitive files are staged
    read -r -p "⚠️ 确认暂存敏感文件? (输入 confirm): " confirm
    if [[ "$confirm" == "confirm" ]]; then
      git add .
    fi
    ;;
esac
```
## Notes
- This command prioritizes security over convenience
- Sensitive files must be explicitly forced to stage
- **Important: show all options on the first run, so the user never has to run the command more than once**
- Untracked files are displayed upfront with clear options
- Use `.secretsignore` file for project-specific exclusion patterns
- Consider setting up git hooks for additional security