The guix repo has a pre-push hook you could take as inspiration. It could prevent you from pushing unsigned/unauthorized commits by mistake.

Le 9 septembre 2022 17:16:24 GMT+02:00, Konrad Hinsen <konrad.hinsen@fastmail.net> a écrit :
Hi everyone,

I added a few packages to guix-past, but apparently forgot something
because I cannot pull without –disable-authentication. The error message
is

guix pull: error: commit e9ccdb84d688c19415610474e8e630b72248c380 lacks a signature

Two questions:
  - How can I fix this?
  - What should I have done to prevent this? Probably sign my commits,
  but is that enough? With nobody knowing my key, signing is probably not
  worth much on its own.

Cheers,
  Konrad