Manav Manav.id
← All demos
POLICY · 6 of 10

Fake commits fail at the CI gate because they're unsigned.

Previously framed as IDE keystroke surveillance to detect "sessionless" commits. Reframed: configure Git + CI to reject any unsigned commit on protected branches and any PR merge without a fresh Manav receipt. Bots can open PRs. Bots can write code. Bots cannot merge without consensual signed authority, from a human, or from a delegation chain that traces back to one.

Privacy posture for this scene
Zero IDE surveillance. Policy enforcement at the repo.
  • Git commit signing is a 20-year-old primitive; Manav supplies the custody and verification.
  • Agent-authored commits land, if the agent carries a delegation receipt chained to a human.
  • No anonymous code reaches production. There is no third option.

The bad framing, IDE keystroke surveillance

"We monitor every keystroke in the developer's IDE and flag commits that land without an active typing session." Requires installing a telemetry agent on every developer's machine. Generates false positives on copy-paste. Hostile to remote work and to developer trust.

The privacy-preserving framing, repository policy

Configure Git to require commit signing on protected branches. Configure CI to reject any unsigned commit. Configure GitHub/GitLab branch protection to reject any merge without a fresh Manav approval receipt. Manav supplies the signing key custody and verification; Git supplies the signing primitive.

Sample protected-branch policy

branches:
  main:
    require_signed_commits:    true
    accepted_signing_keys:     "manav-managed"
    require_manav_merge_proof: true
    delegation_allowed:        true   // agents can commit if delegated
    delegation_max_chain:      1

Three commit attempts

git push origin main (unsigned)

⛔ Rejected, no Manav signature on commit

PR merge by bot (no merge receipt)

⛔ Rejected, protected branch requires Manav merge proof

PR merge by Asha (with Manav approval)

✓ Accepted, receipt mnav_proof_pr_92a8

No anonymous code lands. The developer's IDE is never touched. The repo enforces the rule; Manav supplies the cryptographic proof.

Want to ship this in your own app?

Three lines of JavaScript. Demo key mnav_test_demo works on localhost.

Get the SDK →
← Receipt context Origin attestation →