Start with env args like AGENT_ID for indicating which Merkle hash of which model(s) generated which code with which agent(s) and add those attributes to signed (-S) commit messages. For traceability; to find other faulty code generated by the same model and determine whether an agent or a human introduced the fault.

Then, `git notes` is better for signature metadata because it doesn't change the commit hash to add signatures for the commit.

And then, you'd need to run a local Rekor log to use Sigstore attestations on every commit.

Sigstore.dev is SLSA.dev compliant.

Sigstore grants short-lived release attestation signing keys for CI builds on a build farm to sign artifacts with.

So, when jujutsu autocommits agent-generated code, what causes there to be an {{AGENT_ID}} in the commit message or git notes? And what stops a user from forging such attestations?