Every agent action is a scoped, revocable, audited capability — not a god-mode API key. Running entirely on Cloudflare's edge.
The problem
Autonomous agents are writing code and pushing to your repos — authenticated with decade-old, human-shaped credentials: long-lived tokens, personal access keys, coarse OAuth scopes. One leaked or over-scoped agent credential is a production incident. There's no machine-first way to say this agent, this repo, this action, until Friday, revocable instantly.
What it is
Grant an agent exactly one scope on one repo — write, read, or admin — with an expiry. Not a standing key; a precise capability.
The agent clones and pushes over standard git. Every ref change is written to an append-only journal, attributed to the verified identity behind the token — not "a bot," but which one.
Kill the capability and the agent is locked out on its next call. Cryptographic, immediate, audited.
Why it's different
Attesta verifies every capability offline, at the edge, against a public key — it stores no token database and no signing secret to leak. Branch protection and linearizable compare-and-swap mean concurrent agents can't clobber each other. Objects are encrypted at rest. It's machine-first source control with sovereign human control — and it scales to zero.
Proof
Real git clone and git push, byte-identical to upstream git,
served from the edge. Full identity-gated auth, an audit journal, and cryptographic
revocation — demonstrated end-to-end. We run our own autonomous engineering pipeline
on it.
The bigger picture
The capability layer underneath Attesta isn't git-specific. As agents do more real work, they'll need one identity and control plane — one you own, that verifies anywhere. This is where it starts.