# Your Work, Not Your Agent's Signature: A Local Git Guardrail for AI Credits

> Source: <https://dev.to/paladini/your-work-not-your-agents-signature-a-local-git-guardrail-for-ai-credits-518f>
> Published: 2026-07-15 18:00:19+00:00

AI coding tools are changing how we write software. They can draft a test,

explain an unfamiliar codebase, or turn a rough idea into a useful first

implementation. That part is not the problem.

The annoying part comes at the end of the workflow: a commit message or pull

request body suddenly includes an automatic line such as:

```
Generated with Claude Code
```

or:

```
Co-authored-by: Claude <noreply@anthropic.com>
```

Sometimes that attribution is intentional. Sometimes it is required by a

team's policy. But sometimes it is only a default footer that slipped through

because the developer was focused on reviewing the code.

Once it reaches a commit, it is part of Git history. Once a pull request is

open, it is already on GitHub. A CI check can report the problem, but it cannot

make that publication boundary local again.

That is the problem [ai-credit-scrub](https://github.com/paladini/ai-credit-scrub)

solves. Version 1.1.0 is a small, free, offline-first Go CLI that removes

*explicit* AI-agent credit text before it becomes a commit, reaches a remote,

or is sent to GitHub in a pull request.

The important word is *explicit*. This is not an AI detector, and it does not

try to decide who wrote your code. It removes known, complete credit lines. It

does not rewrite Git authors or committers, remove human co-authors, upload

source code, send prompts to a service, or call a model.

The best place to prevent accidental publication is the machine where the

publication starts.

``` php
agent or IDE proposes text
          |
          +-- commit-msg --> clean before Git creates the commit
          +-- pre-push   --> stop a credit that escaped the first check
          +-- pr create  --> clean title and body before calling gh
```

That is a very different model from collecting commits in CI and telling

someone about them later. Local guardrails preserve the developer's control and

keep the sensitive content on the developer's machine.

You can download a binary from the

[GitHub Releases page](https://github.com/paladini/ai-credit-scrub/releases),

or install it with Go:

```
go install github.com/paladini/ai-credit-scrub/cmd/ai-credit-scrub@latest
```

Then, from the Git repository you want to protect, run:

```
ai-credit-scrub install --git
```

That one command installs two local hooks:

| Hook | What it does |
|---|---|
`commit-msg` |
Rewrites the temporary commit-message file before Git creates the commit object. |
`pre-push` |
Inspects outgoing commit messages and blocks a matching credit before the remote update is sent. |

The installer does not discard an existing hook. It preserves it and chains it

before ai-credit-scrub runs. Re-run the installer if you move the binary, since

the generated hooks use its absolute path.

Suppose an AI tool helps you implement a feature. You review the diff, test it,

and create a commit. The tool or your Git client adds this trailer:

```
Add account settings page

Co-authored-by: Claude <noreply@anthropic.com>
```

With the hook installed, Git passes that temporary message file through

ai-credit-scrub before it writes the commit. The commit that exists in history

is simply:

```
Add account settings page
```

This is deliberately narrow. These ordinary lines remain untouched:

```
Reviewed in Cursor
Co-authored-by: Ada Lovelace <ada@example.com>
```

Product names alone are not matches. The tool looks for complete, known agent

credit signatures for Codex, Claude Code, Cursor, Windsurf, and GitHub Copilot.

That conservative approach matters: a hygiene tool should not surprise you by

rewriting ordinary prose or human attribution.

The hooks are the guardrail, but the CLI is useful on its own as well. Scan a

file without modifying it:

```
ai-credit-scrub scan CHANGELOG.md
```

Clean a reviewed file in place:

```
ai-credit-scrub clean --in-place CHANGELOG.md
```

For scripts and tooling, `scan`

and `check`

can return JSON too:

```
ai-credit-scrub check --format json pull-request.md
```

`check`

exits with a failure status when it finds a match, which makes it useful

when you want a local command to stop another local workflow.

Git hooks protect commit messages, but a pull request title and body are not

Git objects. They need their own local publication path.

Use the built-in wrapper instead of calling `gh pr create`

directly:

```
ai-credit-scrub pr create \
  --title "Document local hooks" \
  --body "Explain the guardrail.\n\nGenerated with Claude Code"
```

ai-credit-scrub cleans the title and body, then delegates to your existing,

already-authenticated GitHub CLI. It does not need an account, another token, or

a hosted backend.

You can also use a body file, which is usually nicer for a real PR:

```
ai-credit-scrub pr create \
  --title "Add local publication guardrails" \
  --body-file pull-request.md
```

Git is the universal enforcement layer because most local tools eventually call

Git. ai-credit-scrub also offers optional adapters for repositories that use

Codex, Claude Code, Cursor, Windsurf, or GitHub Copilot:

```
ai-credit-scrub install --adapter codex
ai-credit-scrub install --adapter claude
ai-credit-scrub install --adapter cursor
```

An adapter adds local guidance to use the Git hooks and the PR wrapper. It is

not magic interception, and it will not overwrite an existing agent

configuration file. If your repository already owns that file, merge the

emitted configuration deliberately.

Every organization has its own vocabulary. You can define literal or regular

expression rules in `.ai-credit-scrub.yml`

, but custom automatic rewriting

requires this explicit acknowledgement:

```
version: 1
reviewed: true
literals:
  - "Generated by Internal Coding Assistant"
```

The `reviewed: true`

requirement is intentional. First run a scan, inspect what

would match, and only then allow the rule to alter text. The goal is prevention,

not an overzealous cleaner that silently changes project history.

Local software should be honest about its boundaries.

`git push --no-verify`

is an intentional way to bypass client-side hooks.For the last case, use `ai-credit-scrub pr create`

, or put a local sanitized MCP

proxy in front of the only GitHub-writing server available to the agent. The

[integration guide](https://github.com/paladini/ai-credit-scrub/blob/main/docs/integrations.md)

explains that boundary in more detail.

It is also worth saying plainly: confirm that removing an AI credit is

compatible with your organization's policy, contributor agreement, and

applicable law. This tool gives you a local technical control; it does not make

that policy decision for you.

Using AI assistance is now a normal part of programming for many people. The

question is whether an automatic footer belongs in every artifact you publish.

For developers who want to make that choice themselves, the guardrail needs to

run before the artifact leaves their machine.

[ai-credit-scrub](https://github.com/paladini/ai-credit-scrub) v1.1.0 keeps the

implementation intentionally small: deterministic rules, local Git hooks, a

safe PR creation path, and clear limits. No surveillance layer. No model call.

No attempt to rewrite human identity.

Install it in one repository, try a commit with a known credit line, and inspect

the result. The useful outcome is simple: your published Git history says what

you intended it to say.
