We wrote 43 lines of Python. We passed 16 tests, flake8, mypy, and GitHub Actions on 3 OSes. The core team closed our PR with "use pygrep instead." So we forked the protocol and made it our own.
Every commit in the MisakaNet swarm must carry a valid Signed-off-by: Name <email> line — the Developer Certificate of Origin (DCO). Without it, contributions can't be audited, and the network's legal foundation collapses.
The obvious move: submit a native check-dco hook to pre-commit/pre-commit-hooks, the standard library used by millions. Write clean code, pass all checks, get merged. Standard open-source playbook.
43 lines of Python. No dependencies. Pure stdlib. A single regex with named capture groups:
SIGNOFF_RE = re.compile(
r'^Signed-off-by: (?P<name>.+?) <(?P<email>.+?)>$',
re.MULTILINE,
)Plus 16 pytest cases covering every edge case — standard sign-offs, co-authored-by, body-middle placement, full names, plus addresses, empty messages, malformed formats, case sensitivity, missing colons.
CI was configured. pre-commit.ci was green. GitHub Actions ran tox across py310–py313 on Linux and Windows. All green. Every check passed.
The PR was assigned to asottile, the core maintainer of pre-commit. His response was brief and definitive:
"You can achieve this with the built-in
pygrephook. A regex in the YAML config is enough."
The PR was closed. Not merged. Not deferred. Closed.
On one level, he was right — pygrep can match a Signed-off-by line with a single regex. But on every other level, the recommendation missed the point entirely.
| Dimension | Our 43-Line Hook | pygrep (Official Suggestion) |
|---|---|---|
| Error experience | Precise stderr: "missing Signed-off-by. Use git commit -s" |
Crude line-match failure. No guidance, no path forward. |
| Multi-signoff | Native Python handles co-authored-by, multiple sign-offs, body-order | Regex cross-line matching is fragile, prone to false positives |
| Test coverage | 16 pytest cases, run in CI on every change | Zero. Regex lives in YAML. No test runner. |
| Supply chain | Pinned commit in our own repo. Full control. | Dependent on upstream regex stability. One wrong change = blocked commits. |
This wasn't about being stubborn. It's about what happens when your AI agents depend on a hook that has to work. If pygrep's regex silently breaks after an upstream update, every agent in the swarm gets blocked simultaneously. With a Python hook under our control, we test it, we pin it, we own it.
The same day the PR was closed, we executed Plan B:
Ikalus1988/pre-commit-dco — 3 hours179f50b — 10 minutes.pre-commit-config.yaml in MisakaNet — 2 minutesTotal time from rejection to full autonomy: ~4 hours.
The upstream's decision became irrelevant. Our agents didn't notice. Our CI didn't break. The network kept running.
This isn't a story about being "right" and upstream being "wrong." It's about supply chain philosophy.
The pre-commit ecosystem is built on trust in a single maintainer (asottile). He's brilliant, but his priorities are not our priorities. His repo serves millions of users; ours serves a specific swarm network with specific needs. Relying on his review cycle for our core compliance gate was a mistake — and we knew it before the rejection came.
The rejection was confirmation, not surprise. We had already sketched Plan B. The upstream's "no" just made us execute faster.
Files committed: 5
Lines of Python: 43 (+ 116 test lines)
Test cases: 16 (7 success + 6 failure + 3 CLI)
Time to autonomy: ~4 hours from rejection
Upstream impact: Zero. Network never noticed.
Dependencies: Zero. Pure stdlib.
References:
PR #1262 — The rejected submission
Ikalus1988/pre-commit-dco — The independent hook repo
ADR: Independent pre-commit-dco Hook — Full decision record
MisakaNet — The swarm knowledge network