@korext/ai-attestation

AI Attestation

An open standard for tracking AI generated code in your repository.

AI Attestation is a machine readable YAML file placed in your repository root that tracks which AI coding tools were used, how much code they generated, and whether that code has been governance scanned.

Why

Enterprises, open source maintainers, and compliance teams increasingly need to answer:

• How much of this codebase was written by AI?
• Which AI tools were used?
• Has the AI generated code been reviewed or scanned?

AI Attestation provides a single, standardized file that answers all three.

Quick Start

npx @korext/ai-attestation init

This will:

• Scan your git history for AI tool signatures
• Create .ai-attestation.yaml in your repo root
• Install a post-commit hook to keep it updated

That's it. The file updates automatically on every commit.

What It Detects

AI Attestation identifies tools through publicly observable signals:

Method	Description	Reliability
Co-author trailer	Co-authored-by: Copilot <copilot@github.com>	✅ High
Commit message pattern	Generated by Copilot, via Cursor	⚠️ Medium
Metadata header	// @cursor-generated	⚠️ Medium
Git config	copilot.enabled = true	ℹ️ Low

Supported Tools

Tool	Identifier	Detection
GitHub Copilot	copilot	Co-author, commit message, config
Cursor	cursor	Co-author, commit message
Claude Code	claude-code	Co-author, commit message
Windsurf	windsurf	Commit message, file header
Codeium	codeium	Commit message, file header
Aider	aider	Co-author, commit message
Devin	devin	Co-author, commit message
OpenHands	openhands	Co-author, commit message
Amazon Q Developer	amazon-q	Commit message, file header
OpenAI Codex CLI	codex-cli	Commit message, file header
Gemini Code Assist	gemini-code-assist	Commit message
JetBrains AI	jetbrains-ai	Commit message, file header
Sourcegraph Cody	sourcegraph-cody	Co-author, commit message
Tabnine	tabnine	Commit message, file header
Replit AI	replit-ai	Commit message, file header
Cline	cline	Co-author, commit message
Continue	continue	Commit message, config
GPT Engineer	gpt-engineer	Co-author, commit message
Bolt	bolt	Commit message, file header

Missing a tool? Add it

The File

# AI Attestation
# https://oss.korext.com/ai-attestation

schema: https://oss.korext.com/ai-attestation/schema
version: "1.0"

repo:
  owner: acme
  name: payments-service
  url: https://github.com/acme/payments-service

generated: "2026-04-15T12:00:00Z"

range:
  from: "2025-01-01T00:00:00Z"
  to: "2026-04-15T12:00:00Z"
  commits: 1247

ai:
  assisted_commits: 438
  percentage: 35.1
  tools:
    - name: GitHub Copilot
      identifier: copilot
      first_seen: "2025-09-01"
      last_seen: "2026-04-15"
      commit_count: 312

    - name: Cursor
      identifier: cursor
      first_seen: "2026-01-15"
      last_seen: "2026-04-14"
      commit_count: 89

  detection_methods:
    - co-author-trailer
    - commit-message-pattern

See more examples in examples/.

CLI Commands

# Initialize (scan + create file + install hook)
ai-attestation init

# Re-scan and update
ai-attestation scan

# Print attestation summary
ai-attestation report

# Generate badge markdown
ai-attestation badge

# Manage git hooks
ai-attestation hook install
ai-attestation hook remove
ai-attestation hook install --type pre-commit

GitHub Action

Enforce AI code policies in CI:

# .github/workflows/ai-attestation.yml
name: AI Attestation
on: [push, pull_request]

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: korext/ai-attestation@v1
        with:
          minimum-governance-score: 80
          block-unscanned: true
          mandatory-packs: security

Action Inputs

Input	Default	Description
fail-on-missing	true	Fail if .ai-attestation.yaml is missing
minimum-governance-score		Minimum score to pass (0-100)
block-unscanned		Block AI code without governance scan
require-review		Require human review for AI code
mandatory-packs		Comma-separated required governance packs
attestation-path	.ai-attestation.yaml	Path to attestation file

Action Outputs

Output	Description
result	PASS, WARN, or FAIL
ai-percentage	Percentage of AI assisted commits
governance-score	Current governance score
tools-detected	Comma separated list of tools
summary	Human readable summary

Governance

The governance section is designed to be populated by any governance engine. When configured, a governance engine reads the attestation file, scans the AI generated code, and writes its results back:

governance:
  engine: KOREXT
  last_scan: "2026-04-15T10:00:00Z"
  result: PASS
  score: 94
  packs:
    - security
    - modernization
  findings:
    critical: 0
    high: 1
    medium: 3
    low: 7

The governance section is engine-agnostic. Any tool can populate it.

Privacy

AI Attestation processes git metadata only:

• Commit messages
• Author names and emails
• Commit dates

It never reads source code. All processing happens locally. No network calls. No telemetry. The output file contains only aggregate counts.

Specification

The full specification is available at SPEC.md. The JSON Schema is available at schema.json.

Both are released under CC0 1.0 Universal (public domain).

Badge

Add a badge to your README after running ai-attestation init:

ai-attestation badge

This outputs markdown you can paste into your README:

[![AI Attestation](https://oss.korext.com/api/badge/owner/repo)](https://oss.korext.com/ai-attestation/report/owner/repo)

Contributing

See CONTRIBUTING.md for guidelines on adding new tools, reporting false positives, and proposing spec changes.

License

• Code (CLI, action, tools): Apache License 2.0
• Specification & Schema: CC0 1.0 Universal (public domain)

Related Projects

Project	Description
AI License Notice	Declare AI provenance in open source projects
Supply Chain Attestation	AI provenance across your dependency tree
AI Incident Registry	Public registry for AI code failures

Built by Korext | oss.korext.com/ai-attestation