{"id":48908472,"url":"https://github.com/korext/ai-attestation","last_synced_at":"2026-04-16T22:03:12.572Z","repository":{"id":351700475,"uuid":"1212106565","full_name":"Korext/ai-attestation","owner":"Korext","description":"An open standard for tracking AI generated code in your repository. Detects Copilot, Cursor, Claude Code, and 8 more tools.","archived":false,"fork":false,"pushed_at":"2026-04-16T06:09:57.000Z","size":36,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-16T06:39:11.285Z","etag":null,"topics":["ai","attestation","claude-code","compliance","copilot","cursor","developer-tools","git-hook","governance","open-standard","transparency","yaml"],"latest_commit_sha":null,"homepage":"https://oss.korext.com/ai-attestation","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Korext.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-16T04:15:36.000Z","updated_at":"2026-04-16T06:10:01.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Korext/ai-attestation","commit_stats":null,"previous_names":["korext/ai-attestation"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/Korext/ai-attestation","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Korext%2Fai-attestation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Korext%2Fai-attestation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Korext%2Fai-attestation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Korext%2Fai-attestation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Korext","download_url":"https://codeload.github.com/Korext/ai-attestation/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Korext%2Fai-attestation/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31905895,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-16T18:22:33.417Z","status":"ssl_error","status_checked_at":"2026-04-16T18:21:47.142Z","response_time":69,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","attestation","claude-code","compliance","copilot","cursor","developer-tools","git-hook","governance","open-standard","transparency","yaml"],"created_at":"2026-04-16T22:03:02.621Z","updated_at":"2026-04-16T22:03:12.564Z","avatar_url":"https://github.com/Korext.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AI Attestation\n\n\u003e **An open standard for tracking AI generated code in your repository.**\n\n[![AI Attestation](https://oss.korext.com/api/badge/Korext/ai-attestation)](https://oss.korext.com/ai-attestation/report/Korext/ai-attestation)\n[![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)\n[![Spec: CC0-1.0](https://img.shields.io/badge/Spec-CC0%201.0-lightgrey.svg)](LICENSE-SCHEMA)\n[![npm](https://img.shields.io/npm/v/@korext/ai-attestation)](https://www.npmjs.com/package/@korext/ai-attestation)\n\nAI Attestation is a machine readable YAML file placed in your repository root\nthat tracks which AI coding tools were used, how much code they generated,\nand whether that code has been governance scanned.\n\n## Why\n\nEnterprises, open source maintainers, and compliance teams increasingly need\nto answer:\n\n- **How much of this codebase was written by AI?**\n- **Which AI tools were used?**\n- **Has the AI generated code been reviewed or scanned?**\n\nAI Attestation provides a single, standardized file that answers all three.\n\n## Quick Start\n\n```bash\nnpx @korext/ai-attestation init\n```\n\nThis will:\n\n1. Scan your git history for AI tool signatures\n2. Create `.ai-attestation.yaml` in your repo root\n3. Install a post-commit hook to keep it updated\n\nThat's it. The file updates automatically on every commit.\n\n## What It Detects\n\nAI Attestation identifies tools through publicly observable signals:\n\n| Method | Description | Reliability |\n|--------|-------------|-------------|\n| **Co-author trailer** | `Co-authored-by: Copilot \u003ccopilot@github.com\u003e` | ✅ High |\n| **Commit message pattern** | `Generated by Copilot`, `via Cursor` | ⚠️ Medium |\n| **Metadata header** | `// @cursor-generated` | ⚠️ Medium |\n| **Git config** | `copilot.enabled = true` | ℹ️ Low |\n\n### Supported Tools\n\n| Tool | Identifier | Detection |\n|------|-----------|-----------|\n| GitHub Copilot | `copilot` | Co-author, commit message, config |\n| Cursor | `cursor` | Co-author, commit message |\n| Claude Code | `claude-code` | Co-author, commit message |\n| Windsurf | `windsurf` | Commit message, file header |\n| Codeium | `codeium` | Commit message, file header |\n| Aider | `aider` | Co-author, commit message |\n| Devin | `devin` | Co-author, commit message |\n| OpenHands | `openhands` | Co-author, commit message |\n| Amazon Q Developer | `amazon-q` | Commit message, file header |\n| OpenAI Codex CLI | `codex-cli` | Commit message, file header |\n| Gemini Code Assist | `gemini-code-assist` | Commit message |\n| JetBrains AI | `jetbrains-ai` | Commit message, file header |\n| Sourcegraph Cody | `sourcegraph-cody` | Co-author, commit message |\n| Tabnine | `tabnine` | Commit message, file header |\n| Replit AI | `replit-ai` | Commit message, file header |\n| Cline | `cline` | Co-author, commit message |\n| Continue | `continue` | Commit message, config |\n| GPT Engineer | `gpt-engineer` | Co-author, commit message |\n| Bolt | `bolt` | Commit message, file header |\n\nMissing a tool? [Add it](CONTRIBUTING.md)\n\n## The File\n\n```yaml\n# AI Attestation\n# https://oss.korext.com/ai-attestation\n\nschema: https://oss.korext.com/ai-attestation/schema\nversion: \"1.0\"\n\nrepo:\n  owner: acme\n  name: payments-service\n  url: https://github.com/acme/payments-service\n\ngenerated: \"2026-04-15T12:00:00Z\"\n\nrange:\n  from: \"2025-01-01T00:00:00Z\"\n  to: \"2026-04-15T12:00:00Z\"\n  commits: 1247\n\nai:\n  assisted_commits: 438\n  percentage: 35.1\n  tools:\n    - name: GitHub Copilot\n      identifier: copilot\n      first_seen: \"2025-09-01\"\n      last_seen: \"2026-04-15\"\n      commit_count: 312\n\n    - name: Cursor\n      identifier: cursor\n      first_seen: \"2026-01-15\"\n      last_seen: \"2026-04-14\"\n      commit_count: 89\n\n  detection_methods:\n    - co-author-trailer\n    - commit-message-pattern\n```\n\nSee more examples in [`examples/`](examples/).\n\n## CLI Commands\n\n```bash\n# Initialize (scan + create file + install hook)\nai-attestation init\n\n# Re-scan and update\nai-attestation scan\n\n# Print attestation summary\nai-attestation report\n\n# Generate badge markdown\nai-attestation badge\n\n# Manage git hooks\nai-attestation hook install\nai-attestation hook remove\nai-attestation hook install --type pre-commit\n```\n\n## GitHub Action\n\nEnforce AI code policies in CI:\n\n```yaml\n# .github/workflows/ai-attestation.yml\nname: AI Attestation\non: [push, pull_request]\n\njobs:\n  check:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: korext/ai-attestation@v1\n        with:\n          minimum-governance-score: 80\n          block-unscanned: true\n          mandatory-packs: security\n```\n\n### Action Inputs\n\n| Input | Default | Description |\n|-------|---------|-------------|\n| `fail-on-missing` | `true` | Fail if `.ai-attestation.yaml` is missing |\n| `minimum-governance-score` | | Minimum score to pass (0-100) |\n| `block-unscanned` | | Block AI code without governance scan |\n| `require-review` | | Require human review for AI code |\n| `mandatory-packs` | | Comma-separated required governance packs |\n| `attestation-path` | `.ai-attestation.yaml` | Path to attestation file |\n\n### Action Outputs\n\n| Output | Description |\n|--------|-------------|\n| `result` | `PASS`, `WARN`, or `FAIL` |\n| `ai-percentage` | Percentage of AI assisted commits |\n| `governance-score` | Current governance score |\n| `tools-detected` | Comma separated list of tools |\n| `summary` | Human readable summary |\n\n## Governance\n\nThe `governance` section is designed to be populated by any governance engine.\nWhen configured, a governance engine reads the attestation file, scans the\nAI generated code, and writes its results back:\n\n```yaml\ngovernance:\n  engine: KOREXT\n  last_scan: \"2026-04-15T10:00:00Z\"\n  result: PASS\n  score: 94\n  packs:\n    - security\n    - modernization\n  findings:\n    critical: 0\n    high: 1\n    medium: 3\n    low: 7\n```\n\nThe governance section is engine-agnostic. Any tool can populate it.\n\n## Privacy\n\nAI Attestation processes **git metadata only**:\n\n- Commit messages\n- Author names and emails\n- Commit dates\n\nIt **never** reads source code. All processing happens locally. No network\ncalls. No telemetry. The output file contains only aggregate counts.\n\n## Specification\n\nThe full specification is available at [SPEC.md](SPEC.md).\nThe JSON Schema is available at [schema.json](schema.json).\n\nBoth are released under [CC0 1.0 Universal](LICENSE-SCHEMA) (public domain).\n\n## Badge\n\nAdd a badge to your README after running `ai-attestation init`:\n\n```bash\nai-attestation badge\n```\n\nThis outputs markdown you can paste into your README:\n\n```markdown\n[![AI Attestation](https://oss.korext.com/badge/owner/repo)](https://oss.korext.com/report/owner/repo)\n```\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on adding new tools,\nreporting false positives, and proposing spec changes.\n\n## License\n\n- **Code** (CLI, action, tools): [Apache License 2.0](LICENSE)\n- **Specification \u0026 Schema**: [CC0 1.0 Universal](LICENSE-SCHEMA) (public domain)\n\n## Related Projects\n\n| Project | Description |\n|---------|-------------|\n| [AI License Notice](https://github.com/korext/ai-license) | Declare AI provenance in open source projects |\n| [Supply Chain Attestation](https://github.com/korext/supply-chain-attestation) | AI provenance across your dependency tree |\n| [AI Incident Registry](https://github.com/korext/ai-incident-registry) | Public registry for AI code failures |\n\n---\n\nBuilt by [Korext](https://korext.com) | [oss.korext.com/ai-attestation](https://oss.korext.com/ai-attestation)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkorext%2Fai-attestation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkorext%2Fai-attestation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkorext%2Fai-attestation/lists"}