dotfiles/dot_config/git/hooks, branch master

refactor(git): use classic .git/hooks/ for per-clone override

2026-05-19T15:50:52Z

Switch the dispatcher's per-clone override location from the bespoke .git/hooks-local/ to the classic .git/hooks/. This is: - The untracked location git has used since forever, so no new convention to learn. - Where husky, lefthook, pre-commit-the-tool, and most other hook managers install by default — they now "just work" again under our global core.hooksPath. git init's *.sample files don't collide because the dispatcher only matches the exact hook name and the executable bit. The only behavior change is that a forgotten legacy .git/hooks/pre-commit from before core.hooksPath was set will start running again — that's arguably restoring expected git semantics, not a regression.

feat(git): per-clone hook override at .git/hooks-local/

2026-05-19T15:50:52Z

Adds an untracked per-clone override layer to the hook dispatcher. Lookup order is now: 1. /hooks-local/ — untracked, per-clone, ignored by git 2. /.githooks/ — tracked, shared with teammates Use case: a shared repo ships a .githooks/pre-commit you want to locally replace without modifying the tracked file. Drop your hook in .git/hooks-local/ (chmod +x) and the dispatcher will run it instead — the global commit-msg trailer-strip and pre-push gate still run on top. If neither override exists, only the global user-level logic runs.

feat(git): user-level hooks auto-dispatch into /.githooks/

2026-05-19T15:45:17Z

Inverts the hook delegation model. Previously per-repo hooks required a project to either (a) write the entire hook themselves and lose the global signed-commit / agent-author gate, or (b) override core.hooksPath and write passthrough stubs that exec back to $HOME/.config/git/hooks/*. Both are ergonomically miserable. Now: the global hooks at ~/.config/git/hooks/ are *always* the entry point. Each one calls a shared dispatcher (_dispatch.sh) that runs /.githooks/ if it exists, propagating its exit status, and then continues with whatever the global hook itself wants to do. Projects just drop an executable file at .githooks/ — no core.hooksPath, no stubs, no boilerplate. Repos that don't have a .githooks/ dir keep working exactly as before. GIT_HOOK_DISPATCHED guards against re-entry so legacy repos using the old stub-and-exec pattern don't loop. pre-push tees stdin so both the repo hook and the global ref-list loop see the full push payload. Adds two new always-no-op global hooks (pre-commit, post-commit) purely so the dispatch happens for those events too — previously only commit-msg and pre-push existed globally. Refactors this dotfiles repo to use the new pattern: drops the self-delegating .githooks/pre-push stub and removes the per-repo core.hooksPath override from `just init` (now an idempotent unsetter to clean up the override from past bootstraps). The remote-dev VM's home-manager profile symlinks all four hooks plus _dispatch.sh.

feat(git): commit-msg hook strips AI Co-authored-by trailers

2026-05-19T15:45:17Z

Various agentic tools (Copilot CLI, VS Code chat, etc.) auto-append `Co-authored-by: Copilot <...>` / Claude / Codex trailers, which then trip the pre-push hook's agent-coauthor check and force a manual amend before the push goes through. Scrub at commit time instead. Uses the same agent-substring list as executable_pre-push (kept in sync by comment). Triggered as commit-msg (not pre-commit — pre-commit runs before the message exists). Drops matching trailers in-place, collapses trailing blanks, and is a no-op otherwise. Also symlinks the new hook in the remote-dev home-manager config so it deploys on the Ubuntu VM. Bypass: `git commit --no-verify`.

feat(git): pre-push checks Co-authored-by trailers for agents

2026-05-13T12:43:34Z

Same substring blacklist (copilot, claude, codex, ...) is now also applied to every Co-authored-by trailer in the commit message, not just the author header. Agents commonly slip in via that route. Trailers extracted with %(trailers:key=Co-authored-by,valueonly, unfold,separator=%x1f) and split in awk on \037, which can't appear in identity strings, so the tab-delimited record format stays unambiguous. To fix a flagged trailer use git commit --amend / interactive rebase to drop the Co-authored-by line; --reset-author won't help here.

feat(git): pre-push also rejects coding-agent authors

2026-05-13T12:43:34Z

Block commits where the author name/email contains any of: copilot, claude, codex, chatgpt, cursor, aider, devin, [bot], @openai., @anthropic. Use plain index() substring matching in awk to dodge regex-escaping pitfalls (an earlier draft using regex turned \[bot\] into a char class via -v escape processing and false-matched 'o' in 'com'). Fix: rebase with --reset-author re-stamps you as author while keeping the agent as it was (or drop them entirely). Documented in the failure message.

feat(git): pre-push also rejects commits with foreign committer

2026-05-13T12:43:34Z

Now flags any commit whose committer name+email doesn't match the local user.name / user.email (which respects the includeIf rules in ~/.config/git/config, so per-tree work/personal identities work). Author is left free: pulling someone else's commit and rebasing it locally re-stamps the committer to you, satisfies this gate, and the original author is preserved in the commit metadata. Both checks (signature + committer) run in one rev-list pass with tab-separated fields so awk parses unambiguously.

feat(git): global pre-push hook rejecting unsigned commits

2026-05-13T12:43:34Z

Activated via core.hooksPath = ~/.config/git/hooks in the global git config. The hook walks each ref being pushed (range: remote..local or, for new branches, local --not --remotes) and checks %G? on every commit. Accepts G/U/X/Y (good signature variants), rejects N/B/E/R (no signature, bad, missing key, revoked). Bypass: git push --no-verify This repo overrides hooksPath to .githooks/ for its just-check pre-commit gate, so a thin .githooks/pre-push delegates to the global hook to keep the policy enforced here too.