A commit at 03:14 with no human bound to it.

CI bots, leaked tokens, and AI agents can all push artifacts that look authentic. Manav binds every work artifact to an active human session - or refuses to attest it. Engineering can block merges on the refusal.

Before: MEDIUM After: HIGH

The catchEvery commit either has a human signal or it does not ship.

git · payments-api · main · 03:14 EST

Inbound artifact

payments-api · main

Hash8f3a91c

Author[email protected]

Pushed03:14 local

Diff+120 / −5 across 3 files

Active session at 03:14none

The detection rule.

if (workEvent.type === 'code_commit'
    && !workEvent.sessionId)
  trigger NO_VERIFIED_HUMAN;

Anomaly opened · NO_VERIFIED_HUMAN

88% confidence · severity high

There is no active human session for usr-john at 03:14. The artifact is not attested - the proof page returns Unverified.

Unverified

No active session at 03:14

Open public proof

Gate every merge on a Manav stamp

Two lines in your GitHub workflow - orphan commits never reach main.

# .github/workflows/merge-gate.yml
- name: Require Manav stamp
  uses: manav-id/stamp-action@v1
  with:
    require: human_created or human_supervised_ai
    block-on: NO_VERIFIED_HUMAN, GHOST_SWITCH
    org:     acme-ai

# .gitlab-ci.yml - merge-gate stage
manav-stamp:
  stage: gate
  image: manavid/cli:latest
  script:
    - manav stamp verify \
        --commit $CI_COMMIT_SHA \
        --require human \
        --block-on NO_VERIFIED_HUMAN

# Run locally - same verifier the action wraps
$ manav stamp verify --commit 8f3a91c
✘ NO_VERIFIED_HUMAN  no active session at push time
                      see manav.id/proof/john-orphan-commit
$ echo $?
1

Engineer · 5 min

Keep the tour going.

Next: Proof link - A URL anyone can open. Three trust labels.

Continue tour