[FEATURE REQUEST] Support commit signing to work with GitHub Vigilant Mode

Resolved 💬 7 comments Opened Sep 16, 2025 by adriangilliam Closed Jan 13, 2026

Feature Request

Add support for Git commit signing when Claude Code creates commits, respecting the user's existing commit signing configuration.

Current Behavior

When Claude Code creates commits, they are not signed even when the user has commit signing configured locally with:

  • commit.gpgsign = true in git config
  • GPG or SSH signing keys properly configured
  • Signing working correctly for manual commits

Problem

Users with GitHub Vigilant Mode enabled see Claude's commits marked as "Unverified", which:

  • Creates visual inconsistency in commit history
  • Can trigger organizational compliance warnings
  • Requires manual amendment of commits to add signatures

Many organizations require all commits to be signed as part of their security policies.

Proposed Solution

Claude Code should detect and respect the user's commit signing configuration:

  1. Check for signing configuration:
  • git config commit.gpgsign
  • git config user.signingkey
  • git config gpg.format (GPG vs SSH)
  1. When creating commits:
  • If signing is configured, add appropriate signing flags
  • For GPG: git commit -S
  • For SSH: ensure gpg.format=ssh is respected
  1. Graceful fallback:
  • If signing fails, warn the user but still create unsigned commit

Example Implementation

# Check if signing is enabled
if git config --get commit.gpgsign | grep -q true; then
    # Use -S flag for signed commits
    git commit -S -m "message"
else
    # Standard commit without signing
    git commit -m "message"
fi

Related Documentation

View original on GitHub ↗

This issue has 7 comments on GitHub. Read the full discussion on GitHub ↗