Before committing, perform a security scan on all staged and unstaged changes. Then commit with a short message.

## Step 1: Security Scan

Run `git diff` and `git diff --cached` to inspect all changes. Scan for medium- to high-severity risks:

- **API keys / secrets**: Look for hardcoded strings that resemble API keys, tokens, passwords, or secret values (e.g. `sk-`, `pk_`, `AIza`, `ghp_`, `Bearer`, long base64 strings assigned to variables like `key`, `token`, `secret`, `password`, `apiKey`)
- **Environment variables**: Check for `.env` files being staged, or env values being hardcoded instead of referenced via `process.env` or `ConfigService`
- **Credentials**: Database connection strings with passwords, AWS access keys, JWT secrets, Stripe keys, or any payment-related tokens
- **Private keys / certificates**: PEM files, SSH keys, or certificate content

If any risk is found:
1. List each finding with file path and line
2. **Stop and ask the user** whether to proceed or fix first
3. Do NOT commit until the user confirms

If no risks are found, proceed to Step 2.
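
One way to automate the Step 1 scan, as an added example that is not part of the original instructions: a Python function that walks unified diff output and returns file path, line number and risk type for each risky added line. The regexes, the `AKIA` AWS key-ID prefix, the finding labels and the sample diff are assumptions constructed for illustration.

```python
import re

# Assumed patterns covering the prefixes and variable names listed in Step 1.
PATTERNS = {
    "token prefix": re.compile(r"\b(?:sk-|pk_|ghp_|AIza|Bearer\s+)[A-Za-z0-9._\-]{16,}"),
    "aws access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "url with password": re.compile(r"\b[a-z][a-z0-9+]*://[^\s:/@]+:[^\s@/]+@"),
    "hardcoded secret": re.compile(
        r"(?i)\b\w*(?:key|token|secret|password)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
ENV_FILE = re.compile(r"(?:^|/)\.env(?:\.[^/]*)?$")

def scan_diff(diff_text):
    """Return (path, new_line_no, kind) per risky added line; line 0 means the file itself."""
    findings, path, line_no, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False                      # file headers follow
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].strip().removeprefix("b/")
            if ENV_FILE.search(path):
                findings.append((path, 0, "env file in changes"))
        elif (m := HUNK.match(line)):
            in_hunk, line_no = True, int(m.group(1))
        elif in_hunk and line.startswith(("+", " ")):
            hits = [k for k, p in PATTERNS.items() if p.search(line[1:])]
            if line[0] == "+" and hits:          # context lines only advance the counter
                findings.append((path, line_no, hits[0]))
            line_no += 1
    return findings

# Constructed sample diff; every secret-looking value in it is made up.
SAMPLE_DIFF = """\
diff --git a/src/billing.ts b/src/billing.ts
--- a/src/billing.ts
+++ b/src/billing.ts
@@ -10,2 +10,3 @@ export class Billing {
   private readonly log = new Logger();
-  private key = process.env.STRIPE_KEY;
+  private key = "sk-CONSTRUCTEDexample0000000000";
+  private region = process.env.AWS_REGION;
diff --git a/.env b/.env
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+DB_URL=postgres://app:hunter2pass@db.internal:5432/app
"""
```

Pass it the combined output of `git diff` and `git diff --cached`; untracked files appear in neither until they are staged.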

## Step 2: Commit

1. Run `git status` to see what changed
2. Run `git diff --cached` and `git diff` to understand the actual changes
3. Stage all relevant changes (exclude `.env` files, credentials, and secrets)
4. Write a short, lowercase commit message describing what was done, e.g.:
   - "add whatsapp dashboard"
   - "fix chat streaming timeout"
   - "update subscription flow"
5. Use a single concise line — no body, no scope prefix, no conventional commits format
6. Commit with:

```
git commit -m "<short message>"
```
