# Auto-Commit and Auto-Push Policy

**Purpose:** Define when I auto-commit and when I auto-push without explicit per-turn approval. Replaces the previous default of "never commit unless explicitly asked, never push ever." Established 2026-05-13 after weighing the tradeoffs (speed/backup-hygiene/compounding-leverage vs. push-irreversibility/bundling-risk/CI-side-effects).

**Auto-loads in every session.** Applies to me (1000xagent) and to every project agent. Project agents inherit this rule from `~/.claude/rules/` and may override narrowly in their own repo-scoped rules.

**Cross-references:** `~/.claude/rules/agent-authority.md` (operating principles), `~/.claude/rules/dev-folder-ecosystem.md` (repo inventory), `~/.claude/rules/cross-repository-operations.md` (git safety), `~/.claude/rules/permission-policy.md` (bypass scope).

---

## TL;DR

| Trigger | Auto-commit? | Auto-push? |
|---|---|---|
| Clean working tree + my edits only | Yes | See per-repo table |
| Dirty tree with unrelated prior work | No — pause, name files, ask | n/a |
| Touched `private/`, `.env*`, Cloudflare config, secrets | No — always Tyler-eyes-only | n/a |
| Mutates allowlist / accountability infra | No — friction gate stays | n/a |
| Permission-policy / settings.json edits | No — Tyler reviews diff first | n/a |

---

## Per-repo auto-push table

| Repo / scope | Auto-push to `main`? | Reason |
|---|---|---|
| `~/.claude/` (my second brain) | **Yes** | Losing it is worse than imperfect commits. GitHub backup matters more than diff polish. |
| `~/dev/[private-creative-tooling]/` | **No** | Tyler actively iterates here; unpushed commits are part of his working state. Bundles creative-production turns. |
| `~/dev/1000xvault/` | **No** | Same — iteration-heavy, content pipeline state. |
| `~/dev/utopia/`, `~/dev/utopia-raw/`, `~/dev/utopia-drive/`, `~/dev/1000xsuite/`, `~/dev/1000xvault/` (Utopia Suite product repos) | **No** | Push triggers Vercel production build. Doc-only commits eat build minutes + churn cache. Tyler decides when to ship. |
| `~/dev/tyleryouk.com/` | **No** | Same — production-deploying. |
| `~/dev/peptide-shop/` | **No** | Production-deploying; e-commerce site. |
| `~/dev/leetcodesprints/` | **No** | Production-deploying. |
| `~/dev/salesperson-business-cards/` | **No** | Production-deploying. |
| `~/dev/ai.engineering.cloud/` | **No** | Production-deploying (Vercel auto-deploys public mirror; private source repo writes are reviewed via local pnpm dev before each push). |
| `~/dev/[private-internal-tooling]/`, `~/dev/[private-internal-tooling]/`, `~/dev/[private-fitness-tooling]/`, `~/dev/[private-creative-tooling]/`, `~/dev/[health-mcp]/` (internal-tooling repos without Vercel) | **Yes** | No deploy webhook; ops/tooling work compounds better with auto-push backing it up. |
| Any repo I just created (first commit + first push) | **Yes** | First-commit/first-push is initialization, not iteration. |

**Decision rule for repos not listed:** if the repo has a Vercel deploy hook OR a GitHub Actions workflow that auto-deploys to production on push to `main`, default to **No auto-push**. Otherwise default to **Yes auto-push**. Always check `~/.claude/1000xagent/agents.yaml` `site.url` for the canonical production-deploying flag.

---

## Auto-commit preconditions (apply BEFORE the auto-push table is consulted)

I auto-commit ONLY when ALL of these hold:

1. **Working tree clean of pre-existing dirty state** when I started my edits. Verified by `git status --short` snapshot at turn start vs. turn end.
2. **Every file I'm about to stage is one I touched this turn.** Never `git add -A` / `git add .` / `git add *`. Always stage by explicit filename.
3. **No file in my stage set is under `private/`, contains `.env`, contains credential-shaped paths, or is in a Cloudflare config tree.**
4. **The change is not a mutation of the accountability filter, permission-policy, settings.json, or any other system that requires friction by design.** Those keep the manual approval gate.
5. **The commit message is honest about scope** — describes what I changed, why, and references the prior commit/spec/issue if applicable.

If any precondition fails, I do **not** auto-commit. I report the diff to Tyler and let him decide.
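
An added example (not part of the original rule file) that enforces preconditions 1 through 4 in POSIX shell before any commit is created. The function names and the path patterns for credential-shaped files and Cloudflare config are assumptions; the policy names those categories without listing globs.

```sh
#!/bin/sh
# Added example: gate for the auto-commit preconditions. Path patterns are
# assumptions; the policy names categories, not exact globs.

# Preconditions 3 and 4: succeed (0) when a path must go to manual review.
is_gated_path() {
  case "$1" in
    private/*|*/private/*)                       return 0 ;;
    .env*|*/.env*)                               return 0 ;;
    *.pem|*.key|*credential*|*secret*|*id_rsa*)  return 0 ;; # credential-shaped (assumed)
    wrangler.toml|*/wrangler.toml)               return 0 ;; # Cloudflare config (assumed)
    settings.json|*/settings.json|*permission-policy*) return 0 ;;
  esac
  return 1
}

# Preconditions 1, 3, 4. $1 = `git status --short` output saved at turn start;
# remaining args = repo-relative files touched this turn.
check_autocommit() {
  start_snapshot=$1; shift
  if [ -n "$start_snapshot" ]; then echo "pre-existing dirty state"; return 1; fi
  if [ "$#" -eq 0 ]; then echo "no touched files"; return 1; fi
  for f in "$@"; do
    if is_gated_path "$f"; then echo "gated path: $f"; return 1; fi
  done
  echo "ok"
}

# Precondition 2: read `git diff --cached --name-only` on stdin and print any
# staged path that is not in the touched set passed as arguments.
unexpected_staged() {
  while IFS= read -r staged; do
    found=0
    for t in "$@"; do
      if [ "$staged" = "$t" ]; then found=1; fi
    done
    if [ "$found" -eq 0 ]; then echo "$staged"; fi
  done
}

# Tie it together: $1 = start snapshot, $2 = commit message, rest = touched files.
autocommit() {
  snap=$1; msg=$2; shift 2
  check_autocommit "$snap" "$@" >&2 || return 1
  git add -- "$@" || return 1          # explicit names only, never -A / . / *
  extra=$(git diff --cached --name-only | unexpected_staged "$@")
  if [ -n "$extra" ]; then echo "staged but not touched: $extra" >&2; return 1; fi
  git commit -m "$msg"
}
```

Capture the snapshot with `snap=$(git status --short)` before the first edit of the turn; a non-zero return from `autocommit` means the diff goes to manual review instead.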

---

## Auto-push preconditions (after auto-commit landed)

Auto-push runs ONLY when ALL of these hold:

1. **The per-repo table says Yes for this repo.**
2. **The commit just created is mine alone** (single commit, single author block, no bundled prior work).
3. **The branch is `main`** (or the repo's default branch). I do not auto-push to feature branches without explicit Tyler ask.
4. **No `--force` flags ever.** Never `--force-with-lease`, never `--force`. If a normal push fails, I report and stop.
5. **No co-authored Vercel-deploying-repo commits.** Vercel Hobby cared about author email; the paid plan doesn't. Either way, my auto-push commits use the repo's configured identity (per `git-identity.md`).

If the push fails (e.g., upstream has new commits I haven't pulled), I do **not** retry or rebase or merge autonomously — I report and let Tyler resolve.

---

## What this does NOT auto-do

- **Never auto-amend.** Amending published commits is documented as forbidden.
- **Never auto-rebase or auto-merge.** Conflict resolution stays Tyler's call.
- **Never auto-tag.** Releases are intentional acts.
- **Never auto-revert.** Even on a self-detected mistake, I report and let Tyler decide whether to revert or just patch forward.
- **Never auto-push to feature branches I created.** Feature branches are for code review; pushing them automatically would surprise reviewers.
- **Never auto-create PRs.** PR creation is a communication act, not a backup act.

---

## Edge cases

### "I touched 6 files but 3 are mine and 3 are pre-existing dirty state"

Do NOT auto-commit. Report:

> "Touched X, Y, Z this turn. Working tree also has dirty A, B, C from prior work. I'll stage X, Y, Z by name if you confirm — or you can clean up A, B, C first."

### "My edit touches both ~/.claude AND a project repo"

Two commits, two repos, two auto-push decisions per the table. Each repo's auto-push gate evaluated independently.

### "I touched a settings.json or rule file that governs the accountability system"

Auto-commit allowed (it's just a doc/config edit), auto-push gated by repo table. BUT add a one-line note in the commit body: "Touches accountability config — Tyler please review diff before next session."

### "I created a new repo this turn"

First commit + first push is initialization, always auto. After init, the repo's row in the table governs.

### "Pre-commit hook failed"

Investigate the failure. Fix the underlying issue. Create a NEW commit. Never `--no-verify`.

### "The repo has uncommitted work AND I need to make my edit"

Stash is NOT my call. I describe what I want to do and ask Tyler to either commit, stash, or accept me bundling.

### "I'm in the middle of a multi-step task that touches 5 files across 3 turns"

Auto-commit per turn is fine; intermediate commits are cheap. If I want to squash before push, I ask. Otherwise the commit history shows the turn-by-turn shape.

---

## Why this split, not all-or-nothing

The discipline is: **auto-everything in low-blast-radius repos, manual review in high-blast-radius repos.** This matches Tyler's actual cost model:

- A messy commit history in `~/.claude/` is fine — that's a working surface. Backup hygiene is the dominant concern.
- A messy commit history in production-deploying repos is **expensive** — every push triggers Vercel, every Vercel deploy has cache + cost implications, and "I just want to fix a typo" turns into "I just deployed a typo to production while typing on my phone."
- Auto-push to repos that don't deploy is free (no CI cost) and protects against data loss.
- Auto-push to repos that DO deploy costs build minutes + risks deploying half-done work.

The table is the operational expression of that cost model.

---

## When to revise this rule

- A new repo joins `~/dev/` — add a row to the table.
- A repo changes deploy status (adds Vercel hook, or removes one) — flip its row.
- Auto-push fails repeatedly (upstream conflicts, branch protection, etc.) — narrow the table.
- Tyler corrects a specific case ("don't auto-push X anymore") — narrow the table and capture in memory.
- A new failure mode emerges (e.g., I auto-pushed a commit that broke a downstream agent) — tighten preconditions, document the failure in a new section here.

---

*Established 2026-05-13 after explicit weighing of pros/cons. Replaces the prior default of "never commit unless asked, never push." The friction gates on accountability-system mutations, secrets, and permission policy stay intact — this rule only changes the default for normal work.*
