How Git discipline amplifies
in the age of AI coding agents
May 2026 Β· Research Synthesis Β· 42 slides
Git Best Practices & Branching Strategies
Git Anti-Patterns β The 10 Deadly Sins
Agentic Coding β Principles, Practices & Patterns
Git + Agents β Mandatory Rules, Workflows & Agent-Specific Anti-Patterns
Implementation Guide & Key Takeaways
The foundations every team should master
The foundational unit of good Git hygiene. An atomic commit represents one logical change β not one file, not a day's worth of unrelated work.
fix(auth): handle expired JWT tokens
with 401 redirect
feat(search): add debounced input
with 300ms delay
WIP β end of day, lots of stuff Fixed search and also the login bug and changed CSS and fontsβ¦
git add -p. Split messy commits with git rebase -i before pushing.
<type>[optional scope]: <description> [optional body] [optional footer(s)]
| Type | When | Example |
|---|---|---|
feat | New feature | feat(auth): add biometric login |
fix | Bug fix | fix(search): handle empty query |
refactor | Code change, no behavior | refactor(api): extract pagination |
test | Adding tests | test(auth): add token refresh tests |
docs | Documentation | docs(readme): add setup guide |
chore | Tooling/deps | chore(deps): bump lodash |
git log
main + develop + feature/* + release/* + hotfix/*
Scheduled releases, regulated teams. High overhead for CI/CD.
main + short-lived feature/* branches
Continuous delivery. Always-deployable main. Minimal overhead.
Single main trunk; branches live hours/days.
Feature flags hide incomplete work. Fastest feedback loop.
main + environment branches + features
Environment visibility with simplicity.
| Factor | GitFlow | GitHub Flow | Trunk-Based |
|---|---|---|---|
| Release cadence | Slow/medium | Fast | Continuous |
| Branch lifetime | Weeksβmonths | Days | Hoursβdays |
| CI/CD maturity | Lowβmedium | Mediumβhigh | High |
| Regulatory fit | Good | Poor | Needs flags |
| Merge conflict risk | High | Low | Very low |
fix(auth): prevent session race on
concurrent logins
When multiple login requests arrive
simultaneously, the session token
could be overwritten. This adds a
version counter to detect and reject
out-of-order updates.
RACE-42
.gitignoreConfigure at project start. Exclude build artifacts, IDE files, .DS_Store, node_modules/, .env*.
Delete branches after merge. Automate with git branch -d. Prevent the "branch cemetery."
mainRequire PR reviews, passing CI. No direct pushes or force pushes. Main always deployable.
For large binaries: use Git LFS instead of committing directly. Keeps repos lean, clones fast.
main is the single source of truthmain to dev, staging, productionmain β deploy the fix commit everywheregit switch main && git pull origin main git switch -c feature/billing-upgrade git commit -m "feat(billing): add plan upgrade behind flag" git push -u origin feature/billing-upgrade # ... PR review, CI passes, squash merge ... git tag -a v2.3.0 -m "Release v2.3.0"
# Cut a release from main git switch main && git switch -c release/1.5.0 # After QA, merge & tag git switch main git merge --no-ff release/1.5.0 git tag -a v1.5.0 -m "Release 1.5.0"
The 10 deadly sins of version control
One commit across 20+ unrelated files. Fix: atomic commits, git add -p, interactive rebase.
"fix", "WIP", "magic do not touch". Fix: Conventional Commits, imperative mood.
Erases colleagues' work. Fix: use --force-with-lease, never force-push protected branches.
API keys, passwords committed. Fix: .env in .gitignore, secrets managers, git-filter-repo.
Videos, PSDs committed directly. Fix: Git LFS, external asset storage.
Hundreds of stale merged/abandoned branches. Fix: delete after merge, automate cleanup.
.gitignoreBuild artifacts, .DS_Store, node_modules/ tracked. Fix: template at project start.
Weeks without merging β massive conflicts. Fix: short-lived branches, feature flags.
Rebasing branches others based work on. Fix: only rebase private, unpushed branches.
Treating Git like SVN β fear of branching. Fix: embrace branching, forks, local history.
Principles, practices & patterns for AI-assisted development
Collaborating with AI coding agents that autonomously read, write, modify code, execute commands, run tests, and manage Git β operating at the task level, not just autocompleting lines.
The developer, not the AI, owns quality, security, and maintainability.
Never accept generated code without understanding it.
Never paste sensitive data into prompts. Exclude sensitive files.
Generated code must meet team conventions and pass quality gates.
Architecture and critical logic must be human-led. AI supports.
AI hallucinates, has outdated knowledge, lacks deep context.
Source: agentic-coding.github.io
AGENTS.md, CLAUDE.md with project conventionsState goal (What), context (Where), constraints (How). AI cannot infer omitted context.
Break into manageable units. Not too granular (loses coherence), not too large (overwhelms).
Include existing code examples. Agent learns style, structure, and patterns from real code.
Explore the codebase first. Create a plan. Review it. Then implement.
Don't let errors compound. Catch misunderstandings early.
If you can't explain it to a colleague, don't commit it.
Linters, formatters, CodeHealth scores β every commit.
Ensure correct assertions, adequate coverage, edge case handling.
API usage, library versions may be hallucinated or outdated.
Indicate AI involvement so reviewers focus on agent-specific pitfalls.
.env / secrets managers; never hardcode secretsFrom GitHub's three-layer framework for reliable AI workflows:
Markdown guides AI reasoning. Headers, lists, links as context injection points. Validation gates.
Reusable files: .instructions.md, .prompt.md, .spec.md, .memory.md. Modular & composable.
Session splitting. Targeted instructions. Memory-driven dev. Domain-bound chat modes.
.md files need the same infrastructure as code: versioning, distribution, CI/CD integration.
"Speed amplifies both good design and bad decisions." β Adam Tornhill, CodeScene
Assess code health before agent work. AI performs best at Code Health β₯9.5.
Pre-commit and PR pre-flight checks. Agent enters refactoring loop on quality issues.
review β plan β refactor β re-measure loop. Break large legacy functions.
AGENTS.md with workflow sequencing. Individual tools become predictable workflows.
Strict coverage gates catch agent shortcuts (deleting failing tests).
E2E tests validate full system behavior. At AI speed, this becomes non-negotiable.
The bridge between human intent and agent execution:
proposal.mdFunctional analysis β What, Why, Scope, Success criteria. The intent.
design.mdTechnical design β affected areas, endpoints, components, models. The blueprint.
tasks.mdOrdered implementation plan with dependencies. The execution path.
# AGENTS.md ## Technology Stack - Flutter 3.x, Dart 3.x, BLoC for state management - Supabase for auth/data, SQLite for local storage ## Commands - Build: `flutter run` Β· Test: `flutter test` - Lint: `flutter analyze` Β· Format: `dart format lib/` ## Git Policy - Conventional Commits: feat:, fix:, refactor:, test: - Atomic commits β ONE logical change per commit - Branch: <issue>-<slug> from main, delete after merge - Run `just format && just analyze` before every commit ## Recurring Mistakes to Avoid - Don't store absolute paths for images (filename-only) - Don't hardcode strings (use ARB l10n pipeline)
Mandatory rules, workflows & agent-specific anti-patterns
Agents operate at 2β3Γ human speed. This amplifies everything β good and bad.
| Human Consequence | Agent Amplification |
|---|---|
| One bad commit β minor cleanup | 10 bad commits in 5 minutes β history damage |
| Vague message β confusion later | 50 vague agent commits β unreadable log |
| Accidental secret commit β remediation | Agent adds secrets from training data β undetected |
| Force push on shared β team disruption | Agent force-pushes autonomously β catastrophe |
| Forgot to run linter β CI catches it | Agent skips validation for speed β 50 unchecked commits |
One logical change per commit. Conventional Commits format. Never git add -A. No "WIP" messages.
Short-lived feature branches from main. Delete after merge. No direct commits to shared branches. No force push.
Explicitly forbid .env files, API keys, tokens. .env* in .gitignore. Pre-commit secrets check.
Every commit must pass: formatting β linting β tests (at minimum changed code) β CodeHealth check.
Commit at logical checkpoints. Creates natural rollback points and a clean, reviewable history.
Agent merges its own PR without review. Fix: never grant merge permissions. Require human approval.
Agent rewrites the same file repeatedly. Fix: "3-strike rule" β escalate to human after 3 failed attempts.
Agent forgets earlier decisions, contradicts commits. Fix: .memory.md, split long tasks into sessions.
Agent runs rebase, reset --hard, push --force speculatively. Fix: restrict dangerous commands.
Agent deletes tests that fail instead of fixing code. Fix: coverage gates in PR. Rule: "Never delete a test without human approval."
Entire feature in one massive commit. Fix: task decomposition in spec. Enforce "commit after each task item."
.gitignoreAgent commits build artifacts, IDE files. Fix: pre-configure comprehensive .gitignore. Pre-commit artifact detection.
| Anti-Pattern | Human Impact | Agent Impact |
|---|---|---|
| Kitchen sink commits | Harder to review | 20+ bad commits/session. History destroyed. |
| Vague messages | Confusion later | 50 "update"/"fix" commits. git log useless. |
| Force push on shared | Team disruption | Autonomous push to main. Data loss risk. |
| Secrets in repo | Remediation needed | Injects secrets from training data. Harder to detect. |
| Long-lived branches | Merge conflicts | Agent keeps rebasing β conflict loop. |
| Deleting failing tests | Rare (intentional) | Agent shortcut. Silent regression. |
Drop this into your AGENTS.md:
## Git Commit Policy Every commit: <type>(<scope>): <imperative description> Types: feat | fix | refactor | test | docs | chore Examples: feat(auth): add biometric login support fix(search): handle empty query returning 500 refactor(api): extract pagination logic to util Rules: β’ Commit after every logical sub-task β’ Never use `git add -A`; stage files explicitly β’ Run linter + formatter + tests before committing β’ Verify no secrets or build artifacts are staged β’ Never amend commits that have been pushed
Putting it all into practice
AGENTS.mdTech stack, commands, conventions, Git policy, branch naming, pre-commit checklist.
.gitignoreComprehensively β before any agent work. Cover all artifacts, IDE files, .env*.
Formatting Β· Linting Β· Tests (at minimum changed files) Β· Optional CodeHealth via MCP.
main BranchRequire PR reviews Β· Require passing CI Β· No direct pushes Β· No force pushes.
Write it in CONTRIBUTING.md. Keep lightweight. Revisit as the team evolves.
main, always deployable<issue>-<slug> branches, 1β2 day maxmain as source of truthrelease/* for QA stabilizationhotfix/* for urgent fixesdevelop branchmainAtomic commits and clean branching aren't "nice to have" β they're mandatory guardrails at agent speed.
Humans absorb culture. Agents need it in AGENTS.md. If it's not documented, it doesn't exist.
proposal.md β design.md β tasks.md before code. Prevents scope creep and iteration waste.
Format, lint, test every commit. Manual review can't keep pace with agent velocity.
Human review is the final gate. Agent proposes; human disposes.
Commit after every sub-task. Cheap rollbacks. Clean history. No downside.
Session splitting, .memory.md, domain-scoped instructions. Treat context like a scarce resource.
Agentic coding demands more discipline, not less. Code health and safeguards are the real enablers.
Explicit rules Β· Automated gates Β· Human oversight
These are the pillars of successful AI-assisted development.
"Speed amplifies both good design and bad decisions."
β Adam Tornhill, CodeScene