westurner 7 hours ago
Start with env args like AGENT_ID for indicating which Merkle hash of which model(s) generated which code with which agent(s) and add those attributes to signed (-S) commit messages. For traceability; to find other faulty code generated by the same model and determine whether an agent or a human introduced the fault.

Then, `git notes` is better for signature metadata because it doesn't change the commit hash to add signatures for the commit. And then, you'd need to run a local Rekor log to use Sigstore attestations on every commit. Sigstore.dev is SLSA.dev compliant. Sigstore grants short-lived release attestation signing keys for CI builds on a build farm to sign artifacts with.

So, when jujutsu autocommits agent-generated code, what causes there to be an {{AGENT_ID}} in the commit message or git notes? And what stops a user from forging such attestations?
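The difference between the two places the comment above proposes for agent metadata, as an added example that is not part of the thread: a note leaves the commit id alone, a message trailer changes it, and an unsigned note can be replaced by anyone with write access. The `Agent-Id` trailer name, the `agents` notes ref and the AGENT_ID value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the "Agent-Id" trailer name,
# the "agents" notes ref and the AGENT_ID value are constructed placeholders.
set -eu

agent_metadata_demo() {
    repo=$(mktemp -d)
    cd "$repo"
    git init -q .
    git config user.name "Demo User"
    git config user.email "demo@example.invalid"
    git config commit.gpgsign false        # no signing key in this throwaway repo
    agent_id="${AGENT_ID:-example-agent-0001}"

    echo 'print("hello")' > app.py
    git add app.py
    git commit -q -m "Add app.py"
    BASE=$(git rev-parse HEAD)

    # 1) Note: stored under refs/notes/agents; the commit object is untouched.
    git notes --ref=agents add -m "Agent-Id: $agent_id" HEAD
    AFTER_NOTE=$(git rev-parse HEAD)

    # 2) The note itself is unsigned: it can be replaced in place, and the
    #    commit id (and any signature over the commit) does not notice.
    git notes --ref=agents add -f -m "Agent-Id: some-other-agent" HEAD
    AFTER_REWRITE=$(git rev-parse HEAD)
    NOTE_NOW=$(git notes --ref=agents show HEAD)

    # 3) Trailer in the commit message: amending produces a new commit id.
    git commit -q --amend -m "Add app.py" -m "Agent-Id: $agent_id"
    AFTER_AMEND=$(git rev-parse HEAD)

    cd /
    rm -rf "$repo"
}

agent_metadata_demo
echo "original commit:      $BASE"
echo "after adding note:    $AFTER_NOTE"
echo "after replacing note: $AFTER_REWRITE (note now: $NOTE_NOW)"
echo "after amending msg:   $AFTER_AMEND"
```
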
westurner 6 hours ago | parent
- "Diffwatch – Watch AI agents touch the FS and see diffs live" (2025) https://news.ycombinator.com/item?id=45786382 : > you can manually stage against @-: [with jujutsu]