I accidentally committed as the wrong Git identity one too many times — so I built idctl

Vova Laskarzhevskyy — Sat, 20 Jun 2026 13:05:59 +0000

I committed with the wrong email — and had no way to see it coming

You know that moment when someone points out your commit was made under the wrong email?

Yeah. That happened to me. During a code review. On a work project.

My personal email ended up in the commit history. On production code. In front of other engineers.

The frustrating part is that I didn't even notice it happening.

Earlier that day I had switched from a personal project. The wrong SSH key was still loaded. The wrong identity was still active. Git just used whatever was available.

The debug session that didn't help

So I tried to figure out what was going on:

git config user.email
echo $AWS_PROFILE
kubectl config current-context
ssh-add -l

Four different systems. Four different sources of truth. None of them actually told me what identity would be used at the moment of impact.

That was the real problem.

Not that I misconfigured something — but that I had no way to predict what the system would actually do when I ran a command.

Config vs. resolution

Over a weekend I built something around a simple question:

What identity will actually be used if I run this command right now?

Not "what did I configure?" — what will happen.

That distinction turned out to matter more than I expected. Most failures in these systems don't come from wrong config. They come from the wrong active context.

What `idctl predict` shows

The command I use most:

idctl predict

Example output:

NEXT ACTION RISKS  (vs profile: work)

!  git push        ssh key for github.com
    expected key ~/.ssh/id_personal is NOT loaded
    a different key may be used for authentication

!  ssh connect     5 key(s) in agent
    expected identity is not active
    another credential may be selected

It's not telling you what you configured. It's telling you what will actually happen.

Try it

Zero dependencies. Single static binary. Read-only — it never touches your git, AWS, kube, or SSH configuration.

go install github.com/voyager556321/idctl/cmd/idctl@latest
idctl init
idctl predict

Source and docs: github.com/voyager556321/idctl

Has this ever happened to you — wrong Git identity, wrong AWS account, wrong kube context? Or do you just mentally track all of it and hope nothing leaks across boundaries?