pre-pushlisted

# Pre-Push Readiness Gate Answer one question: **"If I push right now, will I regret it?"** This is a fast, focused pre-flight check of what is *actually about to be published* — not a deep code review. Run read-only, then give a clear verdict. Key principle: **a file being in `.gitignore` does NOT mean it's safe.** `.gitignore` only affects *untracked* files. A secret that was committed before being ignored, a key hardcoded in source, or a secret in history will still push. This gate checks **reality** (git state), not just the rules. ## What this skill is (and isn't) - It **is** a gate: a quick checklist run right before commit/push. - It is **not** the `gitignore` skill (which writes ignore rules) or `security-audit` (deep OWASP review). When this gate finds a rules gap or wants depth, it **defers**: "Your `.gitignore` is missing X — want me to run the `gitignore` skill?" Skills can't call each other programmatically, so recommend and let the user trigger them. ## Step 1 — Read the real git state - `git status --porcelain` — what's staged / modified / untracked. - `git diff --cached` — exactly what the next commit will contain. - `git ls-files` — what's already tracked (the stuff `.gitignore` can't save you from). - Current branch (`git branch --show-current`) and whether commits are ahead of remote. ## Step 2 — Run the checklist ### A. Secrets about to ship (highest priority) Scan the staged diff, tracked files, AND source contents for: - API keys / tokens: