Manav.id
Future of Work4 min read

"My agent shipped this"

Agent commit signature

Co-Authored-By is forty years old. The agent era needs a new git trailer — one that names the human who authorized, the agent that produced, and the role between them. Here is what we propose, and why it should be a standard.

The trailer

Authored-By-Human: Vishal Kumar <[email protected]>
Human-DID: did:manav:0x1a2b3c4d5e6f
Authority: del_01HF3Y...
Agent: claude-sonnet-4.6 / cursor-1.42
Authorship-Role: supervised
Witnesses: did:manav:0xabc..., did:manav:0xdef...
Manav-Sig: ed25519:6f3...c92

What each line means

Authored-By-Human — the human accountable for the commit. Human-DID — the cryptographic identifier of that human, resolvable by any verifier. Authority — the delegation token under which the agent acted. Agent — the model and tool that produced the diff. Authorship-Role — authored, supervised, or directed; weighted differently in PoHW and in code-review tooling. Witnesses — DIDs of code reviewers; a commit with zero witnesses lands a flag in the audit log. Manav-Sig — the signature binding all of the above to the commit hash.

Why a trailer, not a separate file

Every commit-following tool — git itself, GitHub's UI, IntelliJ's blame, the entire forensic toolchain — already understands trailers. A new file would require a parallel infrastructure. The trailer rides along, invisible to teams that don't need it and indispensable to teams that do.

How tooling consumes it

git verify-commit understands the trailer, validates the Manav-Sig against the human's public key, checks the delegation is current, and reports green or red. Code-review systems display the role and witnesses. SOC 2 evidence exports filter by Authorship-Role. Performance reviews filter by witnessed authorship. The same five lines power all of it.

What changes for engineers

Three habits, all small. Sign your delegations — once a day, once a week, however often the scope demands. Declare your role honestly — the most directed work still has value; the protocol does not penalize role-honesty. Witness others' work — code review becomes a structural part of the attestation graph, not a politeness.

What does not change

Performance, mostly. The signature is verified once at push and cached at the relying party; future operations on the same commit do not re-verify. Tooling that doesn't recognize the trailer ignores it. Repos that opt in see the new fields; everyone else continues to see plain commits.

Common objections

Two pushbacks we expect. Won't this slow workers down? First delegation prompt costs 90 seconds; allowlisted scopes vanish after that. Won't employers weaponize the audit trail? The protocol design — selective disclosure, user-owned wallet, explicit non-features around compensation and termination cause — addresses the most cited abuse paths.

Frequently asked questions

Does this change my employment contract? Yes, slowly. Expect a paragraph in salaried offers above $80k specifying role-declaration on AI-augmented work, audit-log retention, and IP attribution. The clauses look like the GDPR paragraphs every contract has carried for years — boring, ubiquitous, structurally important.

What about people who don't use AI? They keep working without changes. The protocol is opt-in at the action layer; an unsigned action is the default for any human who has not enrolled an agent. Adoption follows incentives, not mandates.

What happens to my work history when I change jobs? It stays with you. The attestations your employer signed are bound to your DID, not their tenant. The next employer can verify them in seconds; you can revoke their visibility at any time.

Where to start

From here, agent identity software sets the broader work-history substrate and proof of human work spec addresses the hiring-side mechanics. Read those together and the policy questions get a lot more answerable.

Adjacent reading

For the wider work-history substrate, see the verified work passport. For the hiring-side mechanics, see resume fraud in the AI era and the laptop farm playbook. The three together set the new contract between humans, employers, and the agents that increasingly sit between them.

What changes when the artifact is signed

A signed artifact is the difference between a portfolio piece and an attestation. The portfolio piece says "I made this" and asks the reviewer to take the claim on faith. The attestation says "I made this, here is the chain of evidence, here is the role I played, here is the witness who confirmed it." Reviewers stop reading portfolios when the volume scales; they keep reading attestations because the evidence is checkable in seconds. The shift is not about increasing trust; it is about decreasing the cost of verification. A reviewer who can verify a hundred candidates in the time they used to verify ten gets to interview deeper, hire faster, and trust more confidently. The candidate gets durable proof of contribution that travels with them across employers. The work product becomes the credential. The portfolio becomes the wallet. The hiring conversation becomes about fit rather than fact-checking.

The first commit signature was DKIM for code. The next one names the humans your code can be trusted to.

Keep reading

Vertical

Agent identity for software companies
Crypto

PoHW technical spec
Compliance

Audit trail design