cd /news/developer-tools/your-work-not-your-agent-s-signature… · home topics developer-tools article
[ARTICLE · art-60920] src=dev.to ↗ pub= topic=developer-tools verified=true sentiment=↑ positive

Your Work, Not Your Agent's Signature: A Local Git Guardrail for AI Credits

A developer released ai-credit-scrub v1.1.0, a free, offline-first Go CLI tool that removes explicit AI-agent credit lines from commit messages and pull request bodies before they reach Git history or GitHub. The tool installs local Git hooks to strip known credit signatures from tools like Claude Code, GitHub Copilot, and Cursor, preserving developer control and keeping sensitive content local.

read6 min views2 publishedJul 15, 2026

AI coding tools are changing how we write software. They can draft a test,

explain an unfamiliar codebase, or turn a rough idea into a useful first

implementation. That part is not the problem.

The annoying part comes at the end of the workflow: a commit message or pull

request body suddenly includes an automatic line such as:

Generated with Claude Code

or:

Co-authored-by: Claude <noreply@anthropic.com>

Sometimes that attribution is intentional. Sometimes it is required by a

team's policy. But sometimes it is only a default footer that slipped through

because the developer was focused on reviewing the code.

Once it reaches a commit, it is part of Git history. Once a pull request is

open, it is already on GitHub. A CI check can report the problem, but it cannot

make that publication boundary local again.

That is the problem ai-credit-scrub

solves. Version 1.1.0 is a small, free, offline-first Go CLI that removes

explicit AI-agent credit text before it becomes a commit, reaches a remote,

or is sent to GitHub in a pull request.

The important word is explicit. This is not an AI detector, and it does not

try to decide who wrote your code. It removes known, complete credit lines. It

does not rewrite Git authors or committers, remove human co-authors, upload

source code, send prompts to a service, or call a model.

The best place to prevent accidental publication is the machine where the

publication starts.

agent or IDE proposes text
          |
          +-- commit-msg --> clean before Git creates the commit
          +-- pre-push   --> stop a credit that escaped the first check
          +-- pr create  --> clean title and body before calling gh

That is a very different model from collecting commits in CI and telling

someone about them later. Local guardrails preserve the developer's control and

keep the sensitive content on the developer's machine.

You can download a binary from the

GitHub Releases page,

or install it with Go:

go install github.com/paladini/ai-credit-scrub/cmd/ai-credit-scrub@latest

Then, from the Git repository you want to protect, run:

ai-credit-scrub install --git

That one command installs two local hooks:

Hook What it does
commit-msg
Rewrites the temporary commit-message file before Git creates the commit object.
pre-push
Inspects outgoing commit messages and blocks a matching credit before the remote update is sent.

The installer does not discard an existing hook. It preserves it and chains it

before ai-credit-scrub runs. Re-run the installer if you move the binary, since

the generated hooks use its absolute path.

Suppose an AI tool helps you implement a feature. You review the diff, test it,

and create a commit. The tool or your Git client adds this trailer:

Add account settings page

Co-authored-by: Claude <noreply@anthropic.com>

With the hook installed, Git passes that temporary message file through

ai-credit-scrub before it writes the commit. The commit that exists in history

is simply:

Add account settings page

This is deliberately narrow. These ordinary lines remain untouched:

Reviewed in Cursor
Co-authored-by: Ada Lovelace <ada@example.com>

Product names alone are not matches. The tool looks for complete, known agent

credit signatures for Codex, Claude Code, Cursor, Windsurf, and GitHub Copilot.

That conservative approach matters: a hygiene tool should not surprise you by

rewriting ordinary prose or human attribution.

The hooks are the guardrail, but the CLI is useful on its own as well. Scan a

file without modifying it:

ai-credit-scrub scan CHANGELOG.md

Clean a reviewed file in place:

ai-credit-scrub clean --in-place CHANGELOG.md

For scripts and tooling, scan

and check

can return JSON too:

ai-credit-scrub check --format json pull-request.md

check

exits with a failure status when it finds a match, which makes it useful

when you want a local command to stop another local workflow.

Git hooks protect commit messages, but a pull request title and body are not

Git objects. They need their own local publication path.

Use the built-in wrapper instead of calling gh pr create

directly:

ai-credit-scrub pr create \
  --title "Document local hooks" \
  --body "Explain the guardrail.\n\nGenerated with Claude Code"

ai-credit-scrub cleans the title and body, then delegates to your existing,

already-authenticated GitHub CLI. It does not need an account, another token, or

a hosted backend.

You can also use a body file, which is usually nicer for a real PR:

ai-credit-scrub pr create \
  --title "Add local publication guardrails" \
  --body-file pull-request.md

Git is the universal enforcement layer because most local tools eventually call

Git. ai-credit-scrub also offers optional adapters for repositories that use

Codex, Claude Code, Cursor, Windsurf, or GitHub Copilot:

ai-credit-scrub install --adapter codex
ai-credit-scrub install --adapter claude
ai-credit-scrub install --adapter cursor

An adapter adds local guidance to use the Git hooks and the PR wrapper. It is

not magic interception, and it will not overwrite an existing agent

configuration file. If your repository already owns that file, merge the

emitted configuration deliberately.

Every organization has its own vocabulary. You can define literal or regular

expression rules in .ai-credit-scrub.yml

, but custom automatic rewriting

requires this explicit acknowledgement:

version: 1
reviewed: true
literals:
  - "Generated by Internal Coding Assistant"

The reviewed: true

requirement is intentional. First run a scan, inspect what

would match, and only then allow the rule to alter text. The goal is prevention,

not an overzealous cleaner that silently changes project history.

Local software should be honest about its boundaries.

git push --no-verify

is an intentional way to bypass client-side hooks.For the last case, use ai-credit-scrub pr create

, or put a local sanitized MCP

proxy in front of the only GitHub-writing server available to the agent. The

integration guide

explains that boundary in more detail.

It is also worth saying plainly: confirm that removing an AI credit is

compatible with your organization's policy, contributor agreement, and

applicable law. This tool gives you a local technical control; it does not make

that policy decision for you.

Using AI assistance is now a normal part of programming for many people. The

question is whether an automatic footer belongs in every artifact you publish.

For developers who want to make that choice themselves, the guardrail needs to

run before the artifact leaves their machine.

ai-credit-scrub v1.1.0 keeps the

implementation intentionally small: deterministic rules, local Git hooks, a

safe PR creation path, and clear limits. No surveillance layer. No model call.

No attempt to rewrite human identity.

Install it in one repository, try a commit with a known credit line, and inspect

the result. The useful outcome is simple: your published Git history says what

you intended it to say.

── more in #developer-tools 4 stories · sorted by recency
── more on @ai-credit-scrub 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/your-work-not-your-a…] indexed:0 read:6min 2026-07-15 ·