Backticks in git commit -m messages can trigger shell expansion
during hook processing. This adds:
- .githooks/pre-commit: warns when commit message contains
backticks (reads COMMIT_EDITMSG, warns but does not block)
- scripts/safe-commit.sh: safe commit wrapper using -F <file>
instead of -m (prevents all shell expansion)
- docs/SAFE_COMMIT_PATTERNS.md: documents safe patterns and
what NOT to do
The repo hooks (pre-commit, stale-pr-closer) are already clean.
This is preventive hardening + documentation.
Fixes #1430
Safe Commit Patterns
Issue #1430
Backticks in a double-quoted git commit -m argument are expanded by the shell that runs the command, before git ever sees the message. Git itself does not expand anything, and a hook only re-expands the text if it evals it or hands it unquoted to sh -c; a hook that reads COMMIT_EDITMSG with cat or grep does not. A commit message containing:
git commit -m "fix: update `connectMemPalace()` to use Fleet API"
makes the calling shell attempt to execute connectMemPalace() as a command. Whatever that attempt produces (here nothing, plus an error on stderr) replaces the backticked text, so the commit goes through with a silently mangled message, and a backticked token that does name a real command runs with the committer's privileges.
Safe Patterns
1. Use safe-commit.sh (recommended)
./scripts/safe-commit.sh "fix: update connectMemPalace() to use Fleet API"
This writes the message to a temp file and uses git commit -F, so git never receives the message as a shell-parsed word. The wrapper still takes the message as a command-line argument, so the quoting on that line matters: the example above contains no backticks, and a message that does must be passed in single quotes, otherwise the calling shell expands it before the wrapper even starts.
2. Use git commit -F directly
msgfile="$(mktemp)"
printf '%s\n' 'fix: update `connectMemPalace()` to use Fleet API' > "$msgfile"
git commit -F "$msgfile"
Single quotes keep the backticks literal while the file is written, and mktemp avoids a fixed, predictable path such as /tmp/msg.txt that another user on the host could pre-create.
3. Use single quotes
git commit -m 'fix: update `connectMemPalace()` to use Fleet API'
Inside single quotes, backticks, $(...) and ! are all literal, so the commit command itself is safe. The limits are practical: a single-quoted string cannot contain an apostrophe (don't, it's) without extra quoting gymnastics, and a hook that evals the message or passes it unquoted to sh -c would still expand it, although an ordinary hook that only reads the file does not.
4. Use heredoc for multiline
git commit -F - <<'EOF'
fix: update `connectMemPalace()` to use Fleet API
The mock MCP server was overwriting the real Fleet API version.
EOF
The quotes around the EOF delimiter are what disable expansion in the body; with a bare <<EOF the shell expands backticks and $(...) inside the heredoc exactly as it does inside double quotes.
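The following is an added example, not the repository's scripts/safe-commit.sh. It shows where the expansion really happens (in the shell that builds the argument, not in git or a hook) and a -F wrapper that reads the message from stdin so no shell ever parses it. The function names, the record_canary stand-in and the constructed messages are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not the repository's scripts/safe-commit.sh. It demonstrates
# (a) that the calling shell, not git, expands backticks in a double-quoted
# -m argument, and (b) a -F wrapper that reads the message from stdin so no
# shell ever parses it. record_canary, message_via_double_quotes,
# message_via_single_quotes, write_message_file and safe_commit are names
# assumed for this example.

CANARY_FILE="$(mktemp)"

# Stand-in for whatever command a backticked token resolves to; it leaves a
# marker so the side effect is observable after the fact.
record_canary() { printf 'ran\n' > "$CANARY_FILE"; }
canary_fired() { [ "$(cat "$CANARY_FILE")" = "ran" ]; }

# (a) Double quotes: the backticks are evaluated right here, in this shell.
# Constructed message mirroring the doc's connectMemPalace() example.
# Returns the text git would actually receive (the backticked part is gone).
message_via_double_quotes() {
    printf '%s' "fix: update `record_canary` to use Fleet API"
}

# Single quotes: backticks, $(...) and ! are literal; git receives the text as typed.
message_via_single_quotes() {
    printf '%s' 'fix: update `record_canary` to use Fleet API'
}

# Copy stdin verbatim into a private temp file and print its path. Reading the
# message from stdin means the caller never has to pass it as a shell word.
write_message_file() {
    f="$(mktemp "${TMPDIR:-/tmp}/commitmsg.XXXXXX")" || return 1
    cat > "$f"
    printf '%s\n' "$f"
}

# Commit with -F; git reads the file byte for byte and expands nothing.
# Usage (the quoted 'EOF' keeps the heredoc body literal):
#   safe_commit <<'EOF'
#   fix: update `connectMemPalace()` to use Fleet API
#   EOF
safe_commit() {
    f="$(write_message_file)" || return 1
    git commit -F "$f"
    rc=$?
    rm -f "$f"
    return "$rc"
}

# Stand-alone demonstration of (a) versus single quotes (no git needed).
printf 'double quotes -> [%s]\n' "$(message_via_double_quotes)"
canary_fired && echo 'the backticked command ran in the calling shell'
printf 'single quotes -> [%s]\n' "$(message_via_single_quotes)"
```

The design point is that the wrapper takes the message on stdin rather than as "$1": a wrapper that accepts the message as an argument cannot undo an expansion the caller's shell has already performed, so it is only as safe as the quoting on the caller's command line. With a quoted heredoc or a single-quoted string piped in, the text reaches the temp file untouched and git commit -F never interprets it.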
What NOT to do
# BAD — backticks trigger shell expansion
git commit -m "fix: update `connectMemPalace()` to use Fleet API"
# BAD — $(...) triggers command substitution
git commit -m "fix: update $(cat file.py) to use Fleet API"
# BAD — ! triggers history expansion in an interactive bash session
git commit -m "fix: this is not a joke! seriously"
History expansion is only enabled in interactive shells, so scripts and agents that run bash -c are not affected, but the same message typed at a bash prompt can be rewritten or rejected ("event not found"). Single quotes make ! literal in every case.
For agents
When committing code that contains backticks or special characters:
- Always use git commit -F <file> or safe-commit.sh
- Never interpolate user content into -m strings
- Escape or remove backticks from commit messages when possible