GHOST
git hook for origin source tracking
Most attribution tools depend on contributors self-reporting AI use. Ghost reverses that: the repo owner enforces provenance. Every commit either carries a cryptographic attribution note written when an agent edits files, or it is treated as human-authored.
Attribution In Action
⚡ Bootstrapping ghost-ai in local repository...
✔ Detected Git repository at /users/dev/projects/ghost-client
✔ Created post-commit hook: .git/hooks/post-commit
✔ Configured auto-push for refs/notes/ghost and refs/notes/ghost-verified
✔ Successfully registered agent hooks for Claude Code & Cursor
# Ready to track origin source provenance.
Mandated Provenance
The owner sets the policy, CI enforces it. Commits without verified notes are flagged automatically. No self-reporting required.
C++20 Checkpoint Binary
Standalone binary, zero runtime dependencies. Plugs straight into any agent hook path with no interpreter or VM needed.
Double Notes Contract
Every commit gets a ghost-verified witness note. When agents are active, a ghost note records exactly which lines they wrote.
Policy-Enforced CI
Audits PRs inside GitHub Actions. Config is read from the base branch, not the PR branch — so the threshold is always set by the repo owner.
Own Your Source Truth
Install ghost once, wire it into your agents, and every line in your repo gets verifiable owner-side provenance.