| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Switch the dispatcher's per-clone override location from the
bespoke .git/hooks-local/ to the classic .git/hooks/. This is:
- The untracked location git has used since forever, so no new
convention to learn.
- Where husky, lefthook, pre-commit-the-tool, and most other hook
managers install by default — they now "just work" again under our
global core.hooksPath.
git init's *.sample files don't collide because the dispatcher only
matches the exact hook name and the executable bit. The only behavior
change is that a forgotten legacy .git/hooks/pre-commit from before
core.hooksPath was set will start running again — that's arguably
restoring expected git semantics, not a regression.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds an untracked per-clone override layer to the hook dispatcher.
Lookup order is now:
1. <git-dir>/hooks-local/<name> — untracked, per-clone, ignored by git
2. <repo-top>/.githooks/<name> — tracked, shared with teammates
Use case: a shared repo ships a .githooks/pre-commit you want to
locally replace without modifying the tracked file. Drop your hook in
.git/hooks-local/<name> (chmod +x) and the dispatcher will run it
instead — the global commit-msg trailer-strip and pre-push gate still
run on top.
If neither override exists, only the global user-level logic runs.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Inverts the hook delegation model. Previously per-repo hooks required
a project to either (a) write the entire hook themselves and lose the
global signed-commit / agent-author gate, or (b) override
core.hooksPath and write passthrough stubs that exec back to
$HOME/.config/git/hooks/*. Both are ergonomically miserable.
Now: the global hooks at ~/.config/git/hooks/ are *always* the entry
point. Each one calls a shared dispatcher (_dispatch.sh) that runs
<repo>/.githooks/<hookname> if it exists, propagating its exit status,
and then continues with whatever the global hook itself wants to do.
Projects just drop an executable file at .githooks/<name> — no
core.hooksPath, no stubs, no boilerplate. Repos that don't have a
.githooks/ dir keep working exactly as before.
GIT_HOOK_DISPATCHED guards against re-entry so legacy repos using the
old stub-and-exec pattern don't loop. pre-push tees stdin so both the
repo hook and the global ref-list loop see the full push payload.
Adds two new always-no-op global hooks (pre-commit, post-commit)
purely so the dispatch happens for those events too — previously only
commit-msg and pre-push existed globally.
Refactors this dotfiles repo to use the new pattern: drops the
self-delegating .githooks/pre-push stub and removes the per-repo
core.hooksPath override from `just init` (now an idempotent unsetter
to clean up the override from past bootstraps). The remote-dev VM's
home-manager profile symlinks all four hooks plus _dispatch.sh.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Various agentic tools (Copilot CLI, VS Code chat, etc.) auto-append
`Co-authored-by: Copilot <...>` / Claude / Codex trailers, which then
trip the pre-push hook's agent-coauthor check and force a manual
amend before the push goes through. Scrub at commit time instead.
Uses the same agent-substring list as executable_pre-push (kept in
sync by comment). Triggered as commit-msg (not pre-commit — pre-commit
runs before the message exists). Drops matching trailers in-place,
collapses trailing blanks, and is a no-op otherwise.
Also symlinks the new hook in the remote-dev home-manager config so
it deploys on the Ubuntu VM.
Bypass: `git commit --no-verify`.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Same substring blacklist (copilot, claude, codex, ...) is now also
applied to every Co-authored-by trailer in the commit message, not
just the author header. Agents commonly slip in via that route.
Trailers extracted with %(trailers:key=Co-authored-by,valueonly,
unfold,separator=%x1f) and split in awk on \037, which can't appear
in identity strings, so the tab-delimited record format stays
unambiguous.
To fix a flagged trailer use git commit --amend / interactive rebase
to drop the Co-authored-by line; --reset-author won't help here.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Block commits where the author name/email contains any of:
copilot, claude, codex, chatgpt, cursor, aider, devin, [bot],
@openai., @anthropic.
Use plain index() substring matching in awk to dodge regex-escaping
pitfalls (an earlier draft using regex turned \[bot\] into a char
class via -v escape processing and false-matched 'o' in 'com').
Fix: rebase with --reset-author re-stamps you as author while
keeping the agent as it was (or drop them entirely). Documented in
the failure message.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Now flags any commit whose committer name+email doesn't match the
local user.name / user.email (which respects the includeIf rules in
~/.config/git/config, so per-tree work/personal identities work).
Author is left free: pulling someone else's commit and rebasing it
locally re-stamps the committer to you, satisfies this gate, and the
original author is preserved in the commit metadata.
Both checks (signature + committer) run in one rev-list pass with
tab-separated fields so awk parses unambiguously.
|
|
|
Activated via core.hooksPath = ~/.config/git/hooks in the global
git config. The hook walks each ref being pushed (range: remote..local
or, for new branches, local --not --remotes) and checks %G? on every
commit. Accepts G/U/X/Y (good signature variants), rejects N/B/E/R
(no signature, bad, missing key, revoked).
Bypass: git push --no-verify
This repo overrides hooksPath to .githooks/ for its just-check
pre-commit gate, so a thin .githooks/pre-push delegates to the global
hook to keep the policy enforced here too.
|
sommerfeld