Detect the Correct Base Branch for Pre-Push Diff Retrieval

[ductrl]

Problem

When pushing a brand new branch, Git provides an all-zero remote SHA because the remote branch does not yet exist. The current implementation falls back to diffing against the merge base with origin/main.

While this is a safe default from a security perspective, it is only an approximation. It assumes that every new branch ultimately originates from origin/main.

Example

origin/main

A ---- B

feature-1 (local only)

       C ---- D

feature-2 (local only)

             E ---- F

If feature-2 is pushed first, the current implementation scans C, D, E, and F by diffing against the merge base with origin/main.

This is conservative and ensures no unpublished code is missed, but it may scan more commits than necessary.

Proposed Improvement

Investigate whether Git provides enough information to determine the actual upstream/base branch for a new push, or whether CommitGate can infer it from local branch configuration.

If possible, diff against the true branch point instead of always using origin/main.

Acceptance Criteria

• Research Git's pre-push hook metadata and branch tracking information.
• Determine whether the original base branch can be identified reliably.
• If possible, update pre-push diff retrieval to use the detected base branch.
• Fall back to the current origin/main strategy when the base branch cannot be determined.