[FEATURE REQUEST] Support commit signing to work with GitHub Vigilant Mode
Resolved 💬 7 comments Opened Sep 16, 2025 by adriangilliam Closed Jan 13, 2026
Feature Request
Add support for Git commit signing when Claude Code creates commits, respecting the user's existing commit signing configuration.
Current Behavior
When Claude Code creates commits, they are not signed even when the user has commit signing configured locally with:
commit.gpgsign = truein git config- GPG or SSH signing keys properly configured
- Signing working correctly for manual commits
Problem
Users with GitHub Vigilant Mode enabled see Claude's commits marked as "Unverified", which:
- Creates visual inconsistency in commit history
- Can trigger organizational compliance warnings
- Requires manual amendment of commits to add signatures
Many organizations require all commits to be signed as part of their security policies.
Proposed Solution
Claude Code should detect and respect the user's commit signing configuration:
- Check for signing configuration:
git config commit.gpgsigngit config user.signingkeygit config gpg.format(GPG vs SSH)
- When creating commits:
- If signing is configured, add appropriate signing flags
- For GPG:
git commit -S - For SSH: ensure
gpg.format=sshis respected
- Graceful fallback:
- If signing fails, warn the user but still create unsigned commit
Example Implementation
# Check if signing is enabled
if git config --get commit.gpgsign | grep -q true; then
# Use -S flag for signed commits
git commit -S -m "message"
else
# Standard commit without signing
git commit -m "message"
fi
Related Documentation
This issue has 7 comments on GitHub. Read the full discussion on GitHub ↗