⬡Staging & commit
Everything you need to land a change, from the sidebar staging view: pick files, write a message, and Commit — or Commit & Push, or Amend the last commit.
Stage & commit commit
Entry points
- SidebarTick file / folder / section checkboxes to stage, type a message, click Commit.
What happens next
- The Commit button is enabled only when something is staged and the message is non-empty — a message alone is not enough.
- Ticking a checkbox already staged the file in git's index (stage / unstage); Commit sends commit with the message and no paths — it commits the index as it stands.
- On success the message clears, the file list empties, and status refreshes.
iStaging is the real git index, not webview state — checking a file runs
git add, unchecking git restore --staged. Edit a staged file and the new edits show as a second row under Changes while the commit still takes the frozen snapshot. See real-index staging and hunk staging.Commit & push commit.push
Entry points
- SidebarCommit & Push — shown when the branch has an upstream (and amend is off).
What happens next
- Go runs commit.push with
{ message, paths[] }— commit, then push. - If there's no upstream yet, the push transparently retries with
-u origin HEAD(see auto-set upstream).
Amend last commit commit.amend
Rewrites HEAD instead of creating a new commit — edit its message and/or fold staged changes in.
Entry points
- SidebarTick the Amend last commit checkbox in the commit area.
What happens next
- Toggling amend prefills the textarea with HEAD's message (fetched via commit.lastMessage) so you can edit it.
- In amend mode staging is optional — a message-only amend is allowed (
canCommit = message && (amend || stagedCount > 0)). - Clicking Amend runs commit.amend, folding any staged changes into HEAD with the new message.
Pre-commit safety checks commit.precheck
Before any commit from the sidebar, the staged files are scanned for the universal foot-guns. Findings warn, never block — one native "Commit anyway?" dialog, in line with the safety-net thesis. Not git hooks: zero per-repo setup, and any hooks a repo has still run normally.
What is checked
| Check | Fires on | Setting |
|---|---|---|
| secretFile | Credential-shaped names: .env, id_rsa, *.pem, credentials.json, … | hydragit.safety.secretFile |
| secretContent | High-precision token shapes (AWS / GitHub / Slack / OpenAI / Google keys, PEM private keys). | hydragit.safety.secretContent |
| conflictMarker | Leftover <<<<<<< / >>>>>>> lines. | hydragit.safety.conflictMarker |
| largeFile | Files over 5 MB. | hydragit.safety.largeFile |
| protectedBranch | Committing directly to a protected branch (default main / master). | hydragit.safety.protectedBranch |
iThe protected-branch list is configurable via
hydragit.safety.protectedBranches (default ["main", "master"]). The list replaces the default — set ["develop"] to protect develop instead, or include main/master to keep them. The protectedBranch boolean above stays the on/off switch.What happens next
- Commit / Commit & Push first sends commit.precheck with the staged paths; the extension host injects which checks are enabled and the protected-branch list from settings.
- No findings → the commit proceeds silently. Findings → a native modal lists them; Yes commits anyway, anything else cancels.
- All checks disabled → the host answers "no warnings" without calling Go at all.
iThe token patterns are deliberately high-precision — a false positive trains you to click through, which kills the feature. Matched secrets are truncated to their first 8 characters in the dialog, never echoed in full.