dotfiles - My linux config and rc files

	Commit message (Collapse)	Author	Age	Files	Lines
*	feat(git): pre-push checks Co-authored-by trailers for agents	sommerfeld	2026-05-13	1	-5/+14
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Same substring blacklist (copilot, claude, codex, ...) is now also applied to every Co-authored-by trailer in the commit message, not just the author header. Agents commonly slip in via that route. Trailers extracted with %(trailers:key=Co-authored-by,valueonly, unfold,separator=%x1f) and split in awk on \037, which can't appear in identity strings, so the tab-delimited record format stays unambiguous. To fix a flagged trailer use git commit --amend / interactive rebase to drop the Co-authored-by line; --reset-author won't help here.
*	feat(git): pre-push also rejects coding-agent authors	sommerfeld	2026-05-13	1	-14/+42
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Block commits where the author name/email contains any of: copilot, claude, codex, chatgpt, cursor, aider, devin, [bot], @openai., @anthropic. Use plain index() substring matching in awk to dodge regex-escaping pitfalls (an earlier draft using regex turned \[bot\] into a char class via -v escape processing and false-matched 'o' in 'com'). Fix: rebase with --reset-author re-stamps you as author while keeping the agent as it was (or drop them entirely). Documented in the failure message.
*	feat(git): pre-push also rejects commits with foreign committer	sommerfeld	2026-05-13	1	-8/+34
\| \| \| \| \| \| \| \| \| \| \| \| \|	Now flags any commit whose committer name+email doesn't match the local user.name / user.email (which respects the includeIf rules in ~/.config/git/config, so per-tree work/personal identities work). Author is left free: pulling someone else's commit and rebasing it locally re-stamps the committer to you, satisfies this gate, and the original author is preserved in the commit metadata. Both checks (signature + committer) run in one rev-list pass with tab-separated fields so awk parses unambiguously.
*	feat(git): global pre-push hook rejecting unsigned commits	sommerfeld	2026-05-13	1	-0/+59
	Activated via core.hooksPath = ~/.config/git/hooks in the global git config. The hook walks each ref being pushed (range: remote..local or, for new branches, local --not --remotes) and checks %G? on every commit. Accepts G/U/X/Y (good signature variants), rejects N/B/E/R (no signature, bad, missing key, revoked). Bypass: git push --no-verify This repo overrides hooksPath to .githooks/ for its just-check pre-commit gate, so a thin .githooks/pre-push delegates to the global hook to keep the policy enforced here too.