The guix repo has a pre-push hook you could take as inspiration. It could prevent you from pushing unsigned/unauthorized commits by mistake.

Le 9 septembre 2022 17:16:24 GMT+02:00, Konrad Hinsen <konrad.hinsen@fastmail.net> a écrit :
>Hi everyone,
>
>I added a few packages to guix-past, but apparently forgot something
>because I cannot pull without –disable-authentication. The error message
>is
>
>guix pull: error: commit e9ccdb84d688c19415610474e8e630b72248c380 lacks a signature
>
>Two questions:
>  - How can I fix this?
>  - What should I have done to prevent this? Probably sign my commits,
>  but is that enough? With nobody knowing my key, signing is probably not
>  worth much on its own.
>
>Cheers,
>  Konrad
>