
Building Cryptographic Approval Gates for AI Agents
Instructions Won't Save You

Here's the uncomfortable truth about AI agents: no matter how detailed your instructions are, they will eventually write code you didn't want them to write. Not because they're malicious, but because instructions are suggestions, not enforcement mechanisms.

I built a cryptographic approval system using digital signatures, Copilot agent hooks, and an MCP plugin to solve this problem. The system intercepts every write attempt, checks for a valid signature, and only allows it through if the content was explicitly approved by a human. No exceptions, no workarounds.

The best part? GitHub Copilot CLI built the entire plugin from a single prompt — the hook, the CLI, the MCP tool, everything.

The Problem: Instructions Are Suggestions

When you're working with AI agents in a codebase, you can write elaborate instructions about what files they should and shouldn't touch. You can be explicit about requiring approval for certain changes. You can make the instructions v
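
The verify-before-write check described above, written as an added example that is not the author's plugin code and uses no Copilot hook or MCP API. It assumes Ed25519 signatures from Node's built-in crypto module; the function names, the approval message layout, and the sample path and content are hypothetical.

```javascript
// Added example: approve(), gateWrite() and the message layout are hypothetical names.
const nodeCrypto = require('node:crypto');

// Bind the approval to both the target path and the exact bytes, so an
// approval for one file cannot be replayed against a different file.
function approvalMessage(path, content) {
  const digest = nodeCrypto.createHash('sha256').update(content).digest('hex');
  return Buffer.from(JSON.stringify({ v: 1, path, sha256: digest }));
}

// Human side: runs where the agent cannot read the private key.
function approve(privateKey, path, content) {
  // Ed25519 takes no separate digest algorithm, hence the null argument.
  return nodeCrypto.sign(null, approvalMessage(path, content), privateKey).toString('base64');
}

// Hook side: holds only the public key and fails closed on anything unexpected.
function gateWrite(publicKey, path, content, signatureB64) {
  if (typeof signatureB64 !== 'string' || signatureB64.length === 0) {
    return { allow: false, reason: 'no approval signature' };
  }
  try {
    const sig = Buffer.from(signatureB64, 'base64');
    const ok = nodeCrypto.verify(null, approvalMessage(path, content), publicKey, sig);
    return ok
      ? { allow: true, reason: 'approved' }
      : { allow: false, reason: 'signature does not match path and content' };
  } catch (err) {
    return { allow: false, reason: 'malformed signature' };
  }
}

// Constructed sample data: a throwaway key pair and one approved file body.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
const approved = 'export const retries = 3;\n';
const sig = approve(privateKey, 'src/config.js', approved);

function demo() {
  return {
    exact: gateWrite(publicKey, 'src/config.js', approved, sig).allow,
    tampered: gateWrite(publicKey, 'src/config.js', approved + 'fetch(x);\n', sig).allow,
    otherPath: gateWrite(publicKey, 'src/auth.js', approved, sig).allow,
    unsigned: gateWrite(publicKey, 'src/config.js', approved, undefined).allow,
  };
}
console.log(demo());
```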




