Opinionated rule set for managing source code and documents with Git/GitHub-style workflows, including branching, naming, commit hygiene, CI/CD integration, audit trails, and security.
Stop wrestling with chaotic version control. These battle-tested Cursor Rules transform your Git workflow from a daily source of friction into a precision development machine.
You know the pain: merge conflicts that shouldn't exist, commit messages that tell you nothing three months later, branches named fix-thing-2-FINAL-ACTUALLY-FINAL, and that sinking feeling when you need to trace a production bug through a tangled commit history.
Most teams treat Git like a backup tool instead of the powerful workflow engine it can be. The result? Lost productivity, deployment anxiety, and technical debt that compounds every sprint.
These Cursor Rules implement a complete Git-centric workflow system that automates the tedious parts while enforcing the practices that prevent disasters. You get structured branching, meaningful commit history, automated quality gates, and bulletproof deployment pipelines - all configured once and enforced automatically.
What it handles for you:
main, develop, feature/, hotfix/ - automatically enforcedEliminate Merge Hell: Structured branching means conflicts become rare exceptions instead of daily occurrences. No more spending 30 minutes untangling what should be a 2-minute merge.
Instant Context Recovery: Conventional commits like feat(auth): add OIDC login - Closes #45 mean you understand any change immediately, even months later. No more detective work through cryptic commit messages.
Zero-Risk Deployments: Automated testing, security scanning, and staged releases through protected branches mean main is always deployable. Sleep better knowing rollbacks are clean and predictable.
Compliance Without Overhead: Automatic audit trails, signed commits, and change documentation satisfy security requirements without slowing development.
Before: Your feature branch has 47 commits including "fix typo", "actually fix typo", and "remove debug print". Code review takes 20 minutes just to understand what changed.
After:
git checkout develop
git checkout -b feature/user-preferences
# Work, commit with conventional messages
git push origin feature/user-preferences
# Auto-generated PR with tests, security scan results
# Squash merge with clean history
Before: Production bug requires archaeological dig through months of commits to find the root cause.
After:
git log --oneline --grep="user-pref"
# feat(user): add preference caching - Closes #234
git show abc123 # Full context immediately available
Before: Deployment anxiety because you're never sure what's actually in the release.
After: Semantic versioning with auto-generated changelogs. v2.1.0 tells you exactly what features, fixes, and breaking changes are included.
# Initialize with proper defaults
git config --global init.defaultBranch main
git config --global commit.gpgSign true
# Required files structure
mkdir -p docs scripts
touch README.md LICENSE .gitignore
echo "# Project Documentation" > docs/README.md
Configure on GitHub/GitLab:
main and develop branches# Install pre-commit framework
pip install pre-commit
# Add .pre-commit-config.yaml
cat > .pre-commit-config.yaml << EOF
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-merge-conflict
- repo: https://github.com/gitleaks/gitleaks
rev: v8.15.0
hooks:
- id: gitleaks
EOF
pre-commit install
# Set commit message template
git config commit.template ~/.gitmessage
cat > ~/.gitmessage << EOF
# <type>(<scope>): <subject>
#
# <body>
#
# <footer>
# Types: feat, fix, docs, style, refactor, perf, test, chore
EOF
# .github/workflows/ci.yml example
name: CI
on: [push, pull_request]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run tests
run: npm test
- name: Security scan
run: npm audit
- name: Build
run: npm run build
Immediate Gains:
Long-term Benefits:
Team Transformation: Your Git workflow becomes a competitive advantage. New developers onboard faster because conventions are clear and enforced. Senior developers stop wasting time on process enforcement and focus on architecture. DevOps becomes predictable because every change follows the same well-tested path.
The rules handle the discipline so you can focus on building great software. Your Git history becomes a reliable technical documentation system, your deployments become routine instead of events, and your team moves faster because everyone follows the same proven patterns.
Ready to stop fighting your version control system? Implement these rules and watch your development workflow transform from chaotic to systematic.
You are an expert in Git, GitHub/GitLab/Azure DevOps, Continuous Integration (CI), Continuous Deployment (CD), and DevSecOps tooling.
Key Principles
- Centralize all code & document storage in a single, access-controlled Git repository hosted on a cloud platform (GitHub, GitLab, Bitbucket, Azure DevOps).
- Every change must be traceable: branch ➜ commit ➜ pull/merge request ➜ review ➜ protected merge ➜ semantic tag.
- Prefer small, frequent commits with meaningful context over large, monolithic commits.
- Automate everything that can be automated: version bumping, changelog generation, linting, testing, security scanning, and release packaging.
- “Main” is always deployable; never break the build.
- History is immutable—use `git revert`, not `git push --force`, on public branches.
- Naming, branching, and tagging follow strict, documented conventions (see below) to maximize clarity and automation compatibility.
Language-Agnostic Version Control Rules
- Repository layout
- `README.md` ➜ mandatory, purpose and setup instructions.
- `LICENSE` ➜ SPDX-compliant identifier at top.
- `.gitignore` ➜ language- and tooling-specific patterns; never commit compiled artifacts or secrets.
- `/docs` ➜ project documentation; source files only, no binaries.
- `/scripts` ➜ automation helpers; keep shell scripts POSIX-compliant where possible.
- Branches
- `main` (protected) ➜ production-ready code.
- `develop` (protected) ➜ next release integration line.
- `feature/<slug>` ➜ new capability; branch off `develop`; delete after merge.
- `bugfix/<ticket-id>` ➜ non-urgent defect work; branch off `develop`.
- `hotfix/<ticket-id>` ➜ critical production fix; branch off `main`, merge back to both `main` and `develop`.
- `release/<version>` ➜ stabilization before tagging; closed via tag + merge.
- Naming conventions
- Use lowercase, kebab-case for branch slugs: `feature/login-screen`, `hotfix/2024-05-csrf`.
- Tags follow semantic versioning `vMAJOR.MINOR.PATCH` (e.g., `v2.3.0`).
- Never use ambiguous terms like `final`, `new`, or `latest`.
- Commit messages (Conventional Commits)
- Format: `<type>(<scope>): <subject>`
- Types: `feat`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `chore`, `revert`.
- Wrap body at 72 chars; link issues with `Fixes #123`.
- Example: `feat(auth): add OIDC login\n\nAdds OAuth 2.0 / OIDC login flow using PKCE.\n\nCloses #45`.
- Pull/Merge requests
- Require ≥1 peer review and successful CI before merge.
- Enable squash-and-merge; delete branch on merge.
- Use templates with sections: Purpose, Changes, Tests, Impact, Checklist.
- Documentation
- Update `CHANGELOG.md` automatically via commit messages & tags.
- Architectural decisions recorded in `docs/adr/<NNN>-<title>.md`.
Error Handling & Validation
- Pre-commit
- Run linters (`eslint`, `black`, `shellcheck`), unit tests, secret scanners (`truffleHog`, `git-secrets`).
- Reject commit if any check fails.
- Pre-push
- Enforce branch naming regex; block pushes to protected branches without PR.
- CI pipeline stages (fail-fast)
1. checkout ➜ 2. deps install ➜ 3. static analysis ➜ 4. unit tests ➜ 5. build ➜ 6. security scan ➜ 7. artifact publish.
- Rollback
- Use `git revert <sha>` for code already in `main`.
- For config errors, tag + branch from last known good tag, cherry-pick fix, redeploy.
Framework-Specific Rules – Git & Hosting Platforms
Git (CLI)
- Default branch name must be `main` (configure global `init.defaultBranch=main`).
- Sign all commits and tags (`git config --global commit.gpgSign true`).
- Use sparse-checkout for large mono-repos to improve performance.
GitHub / GitLab / Azure DevOps
- Enable branch protection rules: require PR, status checks, signed commits, and linear history.
- Configure CODEOWNERS for automatic reviewer assignment.
- Use environment-specific deploy keys and secrets; never reuse personal tokens.
- Automate dependency updates with Dependabot / Renovate.
- Archive inactive repositories; set to read-only after 90 days of no updates.
Additional Sections
Testing
- 100 % of new or changed code paths require unit tests.
- Integrate mutation testing (e.g., `stryker`) for critical libraries.
- Use test coverage gates in CI (`fail if < 80 %`).
Performance (Large Repos)
- Enable Git LFS for binaries >5 MB.
- Restrict history depth in CI with `--depth 1` to speed up clones.
Security
- Enforce SSO/MFA on repository host.
- Rotate credentials every 90 days; monitor audit logs weekly.
- Use secret scanning hooks; block push if matches high-entropy regex.
Governance & Compliance
- Maintain audit trail: PR discussion + merge commits form an immutable record.
- Retention: never delete branches or tags without Change-Advisory-Board (CAB) approval; instead archive.
Training & Onboarding
- Provide a 30-minute recorded walkthrough of branching model and commit conventions.
- Supply cheat-sheet of common Git commands and recovery recipes (`git reflog`, `git bisect`).
Continuous Improvement
- Quarterly retrospective to refine branching strategy, CI speed, and review process.
- Capture pain points in `docs/process/backlog.md` and schedule fixes.