[▲ Vercel Community](/) · [Categories](/categories) · [Latest](/latest) · [Top](/top) · [Live](/live) [Feedback](/c/feedback/8) # Add GPG signing support for Vercel Agent code review commits 4 views · 0 likes · 2 posts Justin (@justinoboyle) · 2026-04-03 ## Problem When accepting code suggestions from the Vercel Code Review bot on `GitHub`, the resulting commits are not `GPG` signed. This blocks adoption for teams that require signed commits as part of their security policies. We are able to get around this by force-pushing squashed commits to the branch but it significantly slows down our team. ## Why this matters Many organizations enforcing `SOC 2` compliance require all commits to be cryptographically signed. This is a common security control to ensure code authenticity and traceability. Without `GPG` signing support, we can’t use the one-click “Apply” feature—we have to manually copy suggestions and commit them locally, which defeats the purpose of the streamlined workflow. ## Example An engineer on the team (with GPG signing key configured) clicked “accept” on the suggestion through the GitHub interface:  ## Request Support `GPG` signing for commits created by `Vercel Agent`, similar to how other AI coding tools handle this (e.g., Claude’s commit signing). Cursor had a similar issue: [https://forum.cursor.com/t/cursor-agent-signed-commits/119822](https://forum.cursor.com/t/cursor-agent-signed-commits/119822) --- EDIT: I think I overwrote some of the back office bot’s changes on accident - tried to add them back but apologies if I missed anything, wasn’t intentional! Pauline P. Narvas (@pawlean) · 2026-04-07 Welcome to the community, Justin! This is a great point. I've shared it with our team internally, hopefully we can get a workaround for you as soon as we can. :slight_smile: