![Each AI Agent Gets Its Own GitHub Identity: How We Gave Every Bot Its Own [bot] Commit Signature](/_next/image?url=https%3A%2F%2Fmedia2.dev.to%2Fdynamic%2Fimage%2Fwidth%3D1200%2Cheight%3D627%2Cfit%3Dcover%2Cgravity%3Dauto%2Cformat%3Dauto%2Fhttps%253A%252F%252Fdev-to-uploads.s3.amazonaws.com%252Fuploads%252Farticles%252Fhukezdrlwoblbz6xii9j.png&w=1200&q=75)
Each AI Agent Gets Its Own GitHub Identity: How We Gave Every Bot Its Own [bot] Commit Signature
I run multiple AI agents on my home server. They build code, open PRs, merge branches. For a long time, all those commits showed up as mine — my personal PAT, my SSH key, my email on every git commit . That bothered me. Then I gave each agent its own GitHub App identity. Now commits look like this: agent-lea[bot] committed 3 hours ago agent-paaru[bot] committed 12 minutes ago agent-mayasura[bot] committed 1 hour ago Here's exactly how it works, and one non-obvious thing that tripped me up. Why bother? A few reasons: Audit trail — when an AI agent merges a PR at 3am, you want to know which agent did it Security isolation — each agent gets only the repo permissions it actually needs No personal credentials on the server — my PAT and SSH key are off the machine entirely The commits look legit — GitHub renders [bot] verified commits with a different badge The last point matters more than I expected. When you look at the git log and see agent-paaru[bot] next to a commit, it's immediately cl
Continue reading on Dev.to
Opens in a new tab
