Documentation

Setup, Review, And Power-User Guides

Everything from authentication and commit signing to LSP, monorepos, submodules, and advanced review workflows.

Advanced Git & Security

Commit Signing

Git supports cryptographically signing commits to verify authorship. You can use either GPG keys or SSH keys for signing.

Option 1: Sign commits with SSH keys (Git 2.34+)

Use your existing SSH key for both authentication and signing:

  1. Configure git to use SSH for signing:
    git config --global gpg.format ssh
    git config --global user.signingkey ~/.ssh/id_ed25519.pub
  2. Enable automatic commit signing:
    git config --global commit.gpgsign true
  3. Add your signing key to your git provider:
    • Settings → SSH and GPG keys → New SSH key → Select "Signing Key" as key type

Option 2: Sign commits with GPG keys

Traditional GPG signing (supported by all providers):

  1. Generate a GPG key:
    gpg --full-generate-key
    Choose RSA and RSA, 4096 bits, and enter your name and email.
  2. List your GPG keys and copy the key ID:
    gpg --list-secret-keys --keyid-format=long
    Copy the key ID (the part after rsa4096/)
  3. Configure git to use your GPG key:
    git config --global user.signingkey YOUR_KEY_ID
    git config --global commit.gpgsign true
  4. Export and add your public key to your git provider:
    gpg --armor --export YOUR_KEY_ID
    Copy the output and add it to the provider:
    • GitHub: Settings → SSH and GPG keys → New GPG key
    • GitLab: Preferences → GPG Keys
    • Azure DevOps: User Settings → GPG Keys

Verification

Once configured, all commits made through Critiq (and the git CLI) will be signed automatically. Your git provider will show a "Verified" badge on signed commits.

Hidden Unicode Scanning in PRs

Critiq scans pull request diff hunks for suspicious hidden Unicode controls and marks affected files with warning badges in the file list.

This protection is enabled by default. You can toggle it in Settings → Features → Security with the "Scan PR diff hunks for hidden Unicode" option.

  • What gets scanned - Added and modified PR hunk content while reviewing a linked pull request.
  • What is flagged - Zero-width characters, bidirectional controls, and private-use Unicode code points that can obscure code intent.
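
The scan described above, as an added Python example that is not Critiq's own code: it walks a unified diff, checks only added lines, and reports file, new-file line, column, code point and category. The exact code point sets and the names `classify`, `scan_diff` and `SAMPLE_DIFF` are assumptions, since the page names the categories but not the list.

```python
import re
import unicodedata

# Assumed code point sets: the page names the categories, not the exact list.
ZERO_WIDTH = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF}
BIDI = {0x061C, 0x200E, 0x200F, *range(0x202A, 0x202F), *range(0x2066, 0x206A)}
HUNK_RE = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def classify(ch):
    """Return the flagged category of one character, or None."""
    if ord(ch) in ZERO_WIDTH:
        return "zero-width"
    if ord(ch) in BIDI:
        return "bidi-control"
    return "private-use" if unicodedata.category(ch) == "Co" else None

def scan_diff(diff_text):
    """Return (file, new_line, column, code_point, category) for added lines."""
    findings, path = [], None
    old_left = new_left = new_line = 0
    for raw in diff_text.split("\n"):  # not splitlines(): it splits on U+2028 too
        if old_left > 0 or new_left > 0:  # inside a hunk body
            tag, body = raw[:1] or " ", raw[1:]
            if tag == "+":  # removed and context lines are not scanned
                for col, ch in enumerate(body, 1):
                    kind = classify(ch)
                    if kind:
                        findings.append((path, new_line, col, f"U+{ord(ch):04X}", kind))
            if tag in "+ ":
                new_line, new_left = new_line + 1, new_left - 1
            if tag in "- ":
                old_left -= 1
            continue
        m = HUNK_RE.match(raw)
        if m:  # hunk header: remember how many old/new lines the body holds
            old_left = int(m.group(1) or 1)
            new_line, new_left = int(m.group(2)), int(m.group(3) or 1)
        elif raw.startswith("+++ "):
            path = raw[6:] if raw.startswith("+++ b/") else raw[4:]
    return findings

# Constructed sample diff; hidden characters are written as escapes so they stay visible.
SAMPLE_DIFF = (
    "--- a/auth.py\n+++ b/auth.py\n@@ -10,2 +10,3 @@\n"
    " def is_admin(user):\n-    return user.role == 'admin\u200d'\n"
    "+    level = 'user\u202e'\n+    return user.ro\u200ble == level\n"
)
print(*scan_diff(SAMPLE_DIFF), sep="\n")
```

Counting hunk lines from the `@@` header keeps an added line that itself begins with `++` from being mistaken for a file header.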

Secret Scanning

Critiq can scan your staged changes for secrets like API keys, tokens, and credentials before they reach your repository. When enabled, files are automatically scanned as you stage them, and any detected secrets trigger a warning before commit.

[Figure: Secret scanning modal showing detected secrets with file locations and match details]

To enable secret scanning, go to Settings → Additional Settings → Experimental and toggle "Enable secret scanning". Critiq uses gitleaks under the hood; you can install the managed scanner directly from Settings or point to your own binary.

  • Managed scanner - Critiq downloads and manages gitleaks for you. Click "Install Scanner" in Settings to set it up.
  • Custom binary - If you already have gitleaks installed, switch to "Custom binary path" and provide the path to your executable.
  • Repo config support - Enable "Prefer repository .gitleaks.toml" to use project-specific rules when available.

When secrets are detected, you'll see a warning modal before committing. You can review each finding, add files to .gitignore, or proceed anyway if the detection is a false positive.

Stacked PRs

Critiq automatically detects when pull requests form a stack—a linear chain where each PR targets the previous PR's branch. Stacked PRs are grouped together in the PR dropdown for easier navigation.

[Figure: Stacked PRs grouped in the PR dropdown with visual connectors]

  • Automatic detection - PRs are identified as stacked when their base branch matches another open PR's head branch.
  • Grouped display - Stacked PRs appear together in the PR dropdown with visual connectors showing the chain order.
  • Stack navigation - When reviewing a stacked PR, a dropdown in the header shows your position in the stack (e.g., "2 of 3") and lets you quickly jump between PRs.
  • Merge order - PRs are displayed root-first, reflecting the order they should be merged (merge the base PR first, then retarget remaining PRs).
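
The detection rule and root-first ordering above, as an added Python example that is not Critiq's implementation. The PR records, branch names and the functions `build_stacks` and `position_label` are hypothetical; head branch names are assumed unique, and a base with more than one dependent PR ends the chain because the page defines a stack as linear.

```python
def build_stacks(open_prs):
    """Group open PRs into stacks, each listed root-first by PR number.

    A PR is stacked on another when its base branch equals that PR's head branch.
    """
    by_head = {pr["head"]: pr for pr in open_prs}
    children = {}
    for pr in open_prs:
        parent = by_head.get(pr["base"])
        if parent is not None and parent is not pr:
            children.setdefault(parent["number"], []).append(pr)

    stacks = []
    for pr in open_prs:
        # A root targets a branch that no open PR owns (e.g. main).
        if pr["base"] in by_head or pr["number"] not in children:
            continue
        chain = [pr]
        # Follow the chain only while exactly one PR depends on the current tip.
        while len(children.get(chain[-1]["number"], [])) == 1:
            chain.append(children[chain[-1]["number"]][0])
        if len(chain) > 1:
            stacks.append([p["number"] for p in chain])
    return stacks


def position_label(stacks, number):
    """Return the header label for a PR, such as '2 of 3', or None if unstacked."""
    for chain in stacks:
        if number in chain:
            return f"{chain.index(number) + 1} of {len(chain)}"
    return None


# Constructed sample data, deliberately not in merge order.
OPEN_PRS = [
    {"number": 103, "head": "feat/docs", "base": "feat/ui"},
    {"number": 110, "head": "fix/typo", "base": "main"},
    {"number": 101, "head": "feat/api", "base": "main"},
    {"number": 102, "head": "feat/ui", "base": "feat/api"},
]
print(build_stacks(OPEN_PRS), position_label(build_stacks(OPEN_PRS), 102))
```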

Hunk-level change tracking in PRs

In Settings → Additional → Code Review, enable "Hunk-level change tracking in PRs" to show which individual hunks have been reviewed, modified, or are new. This is more precise than file-level tracking. Status appears as a small badge in the hunk header.

Critiq also supports commit-level hunk review sync for commit-by-commit review. When enabled, hunk completion state is synchronized across commit and file review views so progress stays consistent as you move between commits.

Graph Lane Cap

In Settings → Additional → Git Operations, use "History graph lane cap" to control how many graph lanes are rendered at once in the commit graph. A lower value keeps the graph compact and faster in very large repositories, while a higher value shows more parallel branches.

When the graph exceeds the cap, the last lane is reserved as an overflow lane so you still see the full shape of the history.