You can get a list of "unpushed" commits in your local repository by comparing the current branch with the upstream branch. For example, something like:
    $ git status
    On branch master
    Your branch is ahead of 'origin/master' by 1 commit.
      (use "git push" to publish your local commits)
    nothing to commit, working directory clean
This tells us that we have one commit that we have not pushed. We can use git log to list these commits:
    $ git log --oneline origin/master..master
    bc9dacf added another file
So, there is a list of unpublished commits that we could rebase at will, without affecting any collaborators. As long as you limit yourself to them you are in good shape.
Of course, part of your question was about automating this behavior. There is a pre-rebase hook that is called before the rebase operation, which can be used to provide this, but I think I will leave this as an exercise for the reader. I am not sure if this is a big problem in practice.
If the upstream project you are working with has a workflow based on GitHub or Gerrit pull requests or something similar, you need to worry less: because you never push to the shared repository, your changes will simply be discarded if you manage to rebase your local repository in a way that is incompatible with the state of the source code.
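One way to write the pre-rebase hook mentioned in the answer, as an added example that is not part of the original answer. It refuses a rebase when any commit in the range to be rewritten is already contained in a remote-tracking branch; the function names `published_commits` and `check_rebase` are made up for this sketch, and the check relies on the local remote-tracking refs as of the last fetch or push.

```shell
#!/bin/sh
# Added example: install as .git/hooks/pre-rebase and make it executable.
# Git calls the hook with:
#   $1 = upstream the series was forked from
#   $2 = branch being rebased (absent when rebasing the current branch)

# Print every commit in base..topic that some remote-tracking branch contains.
published_commits() {
    git rev-list "$1..$2" | while read -r commit; do
        if [ -n "$(git branch -r --contains "$commit")" ]; then
            echo "$commit"
        fi
    done
}

# Return 0 if the rebase only rewrites unpushed commits, 1 otherwise.
check_rebase() {
    base=$1
    topic=${2:-HEAD}
    published=$(published_commits "$base" "$topic")
    if [ -n "$published" ]; then
        echo "pre-rebase: refusing to rewrite commits already on a remote:" >&2
        for c in $published; do
            git log -1 --oneline "$c" >&2
        done
        return 1
    fi
    return 0
}

# Run the check only when invoked as the hook itself, so the functions
# above can also be sourced and called from other scripts.
case "$0" in
    */pre-rebase) check_rebase "$@" || exit 1 ;;
esac
```

A plain `git rebase origin/master` on master passes, because `origin/master..master` holds only unpushed commits; a range that reaches back past the last push, such as `git rebase -i HEAD~5`, is blocked. A `git rebase --root` run is not covered by this range check.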