An MCP server that exposes a git_commit tool for creating GPG-signed commits. It delegates signing to the user's local gpg-agent via the controlling TTY, so no key material is ever exposed to the AI client.
When Claude calls git_commit, the server runs git commit -S as a subprocess with the full user environment and stdin connected to the TTY. GPG signing happens exactly as it would if you ran the command yourself — pinentry can prompt for a passphrase if needed. Stdout and stderr are captured and returned to Claude as the tool result.
- Go 1.25+
gitinPATH- GPG configured for commit signing (
git config user.signingkey)
go install github.com/iwarapter/gpg-commit-mcp@latestOr build from source:
git clone https://github.com/iwarapter/gpg-commit-mcp
cd gpg-commit-mcp
go build -o gpg-commit-mcp .claude mcp add gpg-commit $(go env GOPATH)/bin/gpg-commit-mcpOr if built from source, use the full path to the binary:
claude mcp add gpg-commit /path/to/gpg-commit-mcp| Parameter | Type | Required | Description |
|---|---|---|---|
message |
string | yes | Commit message |
repo_dir |
string | no | Path to git repository (defaults to current working directory) |
Prerequisites: changes must already be staged with git add before calling the tool.
Stage your changes first, then ask Claude:
"Commit the staged changes with the message 'Fix null pointer in auth handler'"
Claude will call git_commit and GPG will sign the commit using your local gpg-agent.
Add the following to ~/.claude/CLAUDE.md (create it if it doesn't exist):
## Committing changes
When asked to commit changes, always use the `git_commit` MCP tool (server: `gpg-commit`)
instead of running `git commit` via the Bash tool. This ensures commits are GPG-signed
via the local gpg-agent.
Only fall back to `git commit` via Bash if the `gpg-commit` MCP server is not connected.Claude Code loads this file globally at the start of every session.
git log --show-signature -1
git verify-commit HEAD