GitGhost

@gitghost_

Anonymous git commits via ring signatures. Prove a commit came from one of N trusted contributors, without revealing which. Ship code, leave no trace. 👻

CYBER Joined May 2026
13 Following, 231 Followers
GitGhost@gitghost_·
How GitGhost ChatBox will fit into @github, at a glance. The flow: a PR lands from a fork with ghost trailers on the commit. GitHub fires a webhook. ChatBox parses the public trailers, runs the same LSAG verification engine as the CLI and web verifier (so the result is consistent everywhere), and posts a readable summary on the PR: signature valid or not, which ring, ring root match, anonymity status. Then it stays in the thread to answer follow-ups. The boundary is the whole design. ChatBox only reads what's already public in the commit. It never has access to identity.json, and it never de-anonymizes a signer. A bot in the loop doesn't weaken the privacy model, because the bot only ever sees what any verifier could already see.
GitGhost@gitghost_·
Most privacy tools ask you to trust them. GitGhost lets you check for yourself instead. 👻 Here's what that means in plain terms. When you use GitGhost to sign your work, everything happens right on your own computer. Nothing gets sent off to some company's server. Your secret key, the thing that proves it's you, never leaves your machine. And the proof it creates? Anyone can double-check it themselves, either on their computer or just in a web browser, and they'll always get the exact same answer. No company in the middle. No "just take our word for it." It's built on security tools that experts have already reviewed for years, so we're not inventing our own and hoping it holds. That's the whole point. You don't have to trust us. You can verify it. $GTG : 0x83a83a85351f61c36e4752dc9f0fade58f803b07
GitGhost@gitghost_·
Hey @gitlawb We've been building GitGhost: anonymous git commits via ring signatures, so a contribution can be proven to come from a trusted group without revealing which member signed. Privacy-first, for developers. Your work on decentralized, cryptographic identity for code feels deeply aligned with ours. We'd love to explore how anonymous commits could fit into your ecosystem. Open to a conversation? 👻
GitGhost@gitghost_·
Introducing GitGhost ChatBox, coming soon to @github.
Our verifier today is quiet. It checks a commit and hands you a result. ChatBox is the next step: an agent that lives in your repo and that you can actually talk to, right inside a pull request.
When a contribution comes in from a fork, ChatBox reads what's already in the commit, whether it carries a valid ghost signature, which ring it belongs to, and whether the author stays anonymous, then sums it up in plain language. And you can ask it follow-up questions in the comments, like a teammate who already did the homework.
It only ever looks at what's already public in the commit. No hidden access, no identities exposed. Coming soon.
GitGhost@gitghost_·
The key image is the small piece of math that makes GitGhost anonymous AND abuse-proof at once. Most anonymous systems can't do both.
A ring signature alone proves "one of these N people signed this" without revealing who. Great for anonymity, but it has a hole: if nobody can tell who signed, what stops one person from signing 100 times and pretending to be a crowd? That's the sybil problem.
The fix is the key image: a value derived from your secret key that comes out the same every time you sign in the same ring. Think of it as an invisible fingerprint. It never says who you are, but the same signer always leaves the same mark. Two signatures, same fingerprint means same person, even though nobody learns the name.
And it's bound to the specific ring you sign in, so your fingerprint in one project can't be linked to another. Anonymity and accountability, at the same time.
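The key-image idea from the post above, worked through as an added example (not GitGhost's code): a minimal LSAG in the Liu-Wei-Wong style on secp256k1, assuming the key image is the secret scalar times a point hashed from the ring. The hash-to-point method, the hash encoding and all function names are assumptions made for illustration, not the project's wire format.

```python
import hashlib, secrets

P = 2**256 - 2**32 - 977   # secp256k1 field prime, group order N, generator G
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    lam = (3*a[0]*a[0] * pow(2*a[1], -1, P) if a == b
           else (b[1]-a[1]) * pow((b[0]-a[0]) % P, -1, P)) % P
    x = (lam*lam - a[0] - b[0]) % P
    return (x, (lam*(a[0]-x) - a[1]) % P)

def mul(k, pt):  # double-and-add; not constant time, illustration only
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def H(*parts): return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % N
def ring_base(ring):  # hash the ring itself to a curve point (try-and-increment)
    for ctr in range(1000):
        x = H("base", ring, ctr); y = pow(x**3 + 7, (P+1)//4, P)
        if y*y % P == (x**3 + 7) % P: return (x, y)

def sign(msg, ring, s, x):  # s = signer's index in the ring, x = signer's secret scalar
    ring = tuple(ring); n = len(ring); h = ring_base(ring)
    I, u = mul(x, h), secrets.randbelow(N-1) + 1   # key image I = x * H_p(ring)
    c, r = [0]*n, [0]*n
    c[(s+1) % n] = H(ring, I, msg, mul(u, G), mul(u, h))
    for i in ((s+k) % n for k in range(1, n)):     # simulate every other member
        r[i] = secrets.randbelow(N-1) + 1
        c[(i+1) % n] = H(ring, I, msg, add(mul(r[i], G), mul(c[i], ring[i])),
                         add(mul(r[i], h), mul(c[i], I)))
    r[s] = (u - x*c[s]) % N                        # only the real key can close the ring
    return c[0], r, I

def verify(msg, ring, sig):
    ring = tuple(ring); (c0, r, I), h = sig, ring_base(ring); c = c0
    for i, pk in enumerate(ring):
        c = H(ring, I, msg, add(mul(r[i], G), mul(c, pk)), add(mul(r[i], h), mul(c, I)))
    return c == c0

def demo():  # constructed keys: three members, the signer is index 1
    sk = [secrets.randbelow(N-1) + 1 for _ in range(3)]; ring = [mul(k, G) for k in sk]
    a, b = sign("commit A", ring, 1, sk[1]), sign("commit B", ring, 1, sk[1])
    return (verify("commit A", ring, a), a[2] == b[2],        # valid; same ring links
            a[2] == sign("commit A", ring[:2], 1, sk[1])[2])  # other ring does not
```

`demo()` returns `(True, True, False)`: the signature verifies, two commits signed by the same member in the same ring share a key image, and the same key used in a different ring produces an unrelated one.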
GitGhost@gitghost_·
Same curve, less tooling: the protocol uses secp256k1, the same curve as Bitcoin and Ethereum, so on-chain anchoring reuses existing tooling instead of inventing its own. No wallet needed: a sponsored relayer at /api/anchor pays gas after re-verifying the signature itself, so users never touch a wallet. Rate-limited to keep it from being abused. What lands on-chain is just three values: commit hash, ring root, key image. No identities, ever.
GitGhost@gitghost_·
why GitGhost anchors to @base, with the actual numbers.
Anchoring writes a commit's proof on-chain for permanent, tamper-proof timestamping. Choice of chain matters, so here's the reasoning.
Security: Base is an Ethereum L2, so anchors inherit Ethereum-grade settlement. The timestamp doesn't depend on trusting us.
Cost: about $0.0001 per anchor. At a hundredth of a cent, anchoring is cheap enough to be a default rather than something you ration.
Speed: roughly 1.6 seconds end to end, and that figure already includes re-running full LSAG verification server-side before the write.
GitGhost@gitghost_·
A quiet little milestone we're happy about. @gitghost/cli just crossed 450 downloads in its first week on npm, and the trend is climbing. Not bad for a tool that's only been public for a couple of days.
What makes it feel real: this is organic. No paid promotion, no growth tricks. Just developers finding a CLI for anonymous git commits via ring signatures, installing it, and trying it for themselves. All crypto runs locally, MIT licensed, Node 18+.
If you're one of the 450, thank you. If you're not yet:
↳ npm i @gitghost/cli
We're building this in the open, and early signs like this keep us going. Ship code, leave no trace.
GitGhost@gitghost_·
Building in the open means you get to watch every step. A few updates.
1. Public changelog is live. A full timeline of every meaningful milestone, from project kickoff and protocol design through the CLI, the browser verifier, on-chain anchoring on Base, and the MCP server. Newest on top, specific enough that anyone can check our claims.
↳ gitghost.org/events
2. New Agent page. One place that lays out the MCP server for AI agents at a glance: built for clients like Claude Desktop, Cursor, Cline, and OpenCode, identity stays local, and signing never exposes your key file. Config, steps, and the six tools are all there.
↳ gitghost.org/agent
3. Docs updated, v0.1.0 to v0.1.1
↳ gitghost.org/docs
If something looks missing or wrong, tell us. A public ledger only works if people actually hold it to account.
GitGhost@gitghost_·
Here's why we build this way. A privacy tool you have to trust blindly isn't a privacy tool. The only way anonymous signing earns trust is if anyone can inspect exactly how it works, and verify that the secret never leaves your machine. Open by default isn't a marketing choice for us. It's the whole point. So follow along. Read the code. Break it, test it, tell us where it falls short. We're building the privacy layer that code contributors have never had, and we're doing it where everyone can watch. Public code. Private identity. Verifiable contribution.
GitGhost@gitghost_·
What we've already shipped, out in the open: The GitGhost CLI, so any developer can sign a commit and prove it came from one of a trusted group of contributors, without revealing which one. Real LSAG ring signatures, all crypto running locally on your machine. An MCP server, so AI agents can do the same thing inside their workflows, and never once touch your secret key. On-chain anchoring on Base, where a commit gets a permanent, tamper-proof timestamp while storing zero identifying information. No names, no keys, just proof. Every piece is public. The code, the contract, the verifier. You can check all of it yourself.
GitGhost@gitghost_·
We're building the missing privacy layer for code, in the open. Watch it happen. Here's the gap nobody talks about. Web3 obsesses over privacy for users: private wallets, private transactions, private balances. But the people actually building the software? Every commit they push can expose who they are, when they work, and what they're connected to. Builders get no privacy at all. We think that's backwards. So we're fixing it, and we're doing it all in public.
GitGhost@gitghost_·
GitGhost now speaks to AI agents too.
Meet GitGhost MCP, a server that lets MCP-compatible agents like @claudeai, @cursor_ai, @cline, and @opencode create and verify anonymous git commits, right inside your repo.
The whole point is the boundary: the agent can ask GitGhost to sign, but it never sees your secret key. The key stays on your machine. Always. Same signing engine as the CLI. Same anonymity. New door in.
NPM: @gitghost/mcp npmjs.com/package/@gitgh…
GitHub: github.com/gitghostonbase…
GitGhost@gitghost_·
shipped a new GitHub Action
gitghost verify
automatic ring-signature verification on every pull request. now live on GitHub Marketplace.
before vs after thread.
before this action
every time a contributor opened a PR with a ghost commit, you had to:
1. clone the PR locally
2. checkout each commit
3. run gitghost verify one by one
4. read the CLI output to decide if the signature held
manual. slow. easy to skip.
after
contributor opens PR → action runs → sticky comment appears with the verdict.
✅ ring root match
✅ LSAG signature valid
✅ on-chain anchor (block link)
❌ if any commit fails → merge gate blocked
you don't lift a finger.
Marketplace: github.com/marketplace/ac…
GitGhost@gitghost_·
#Web3 talks a lot about privacy for users. But what about #privacy for builders? Every commit can reveal patterns: who contributed, when they worked, what project they're connected to, and sometimes even which identity or wallet they might be linked to. For developers, that creates a real tension. You want to prove you contributed, but you don't always want to expose your full identity. That's where anonymous commits matter. They let builders contribute publicly while keeping their identity private. The code stays visible. The contribution can still be verified. But the person behind it gets protection. This matters for solo builders, DAO contributors, privacy researchers, open-source devs, and anyone building in sensitive ecosystems. #Anonymous does not mean fake. Anonymous means you control what you reveal. In Web3, where identity, wallets, reputation, and contribution history are increasingly connected, developer privacy is going to become a serious primitive. GitGhost is building for that future. $GTG : 0x83a83a85351f61c36e4752dc9f0fade58f803b07
GitGhost@gitghost_·
How GitGhost is put together, in THREE LAYERS
First, your machine. The CLI holds your secret identity (which never leaves your device) and a ring of trusted contributors built from their GitHub keys. When you commit, it signs as one of the ring and tucks the proof into the commit.
Second, verification. Anyone can re-check that proof, either offline from the command line or by pasting a commit URL into the web verifier. Same math, same result: valid, one of N, identity hidden.
Third, the chain. You can optionally anchor a commit to Base for a permanent timestamp. The thing stored on-chain is just three fingerprints, no names, no keys, no identities.
Secret stays local. Proof goes public. Identity stays hidden.
GitGhost@gitghost_·
GitGhost $GTG has officially submitted its @coingecko listing application. REQUEST ID : CL2205260048 Now under review. We'll share the moment it goes live. Privacy for code contributors, on Base. Ship code, leave no trace.
GitGhost@gitghost_·
Demo video / asciinema of GitGhost
GitGhost is a cryptographic attribution layer for @github commits, built on Linkable Spontaneous Anonymous Group (LSAG) signatures over secp256k1, the same elliptic curve used by @Bitcoin and @ethereum but in @base. It allows any developer to sign a commit as one of N declared contributors, where verifiers can prove the commit originated from a trusted ring, but cannot determine which specific member signed it. No telemetry, no analytics, fully open source under MIT license.
The CLI walkthrough is straightforward: initialize a ring inside any git repository, add contributors by their GitHub username, and commit as usual. The signature is embedded directly into the commit message as standard RFC-5322 trailers, making it compatible with any git host without forks or extensions. Every signed commit is independently verifiable at gitghost.org/verify using the same cryptographic implementation on both ends.
gitghost.org/docs