Key takeaways
- Records line-level provenance of agent-authored code (agent, model, prompt, session) in Git Notes, surviving rebase, squash, merge, and cherry-pick — filling the gap left by an estimated ~41% of new code now being AI-written with no structured provenance
- Supports 10+ agents and editors out of the box — Claude Code, GitHub Copilot, Cursor, Codex, Windsurf, OpenCode, Continue, Gemini — with hooks managed automatically, no per-repo setup
- Placed in the Assess ring of the Thoughtworks Technology Radar and implements the emerging Agent Trace specification alongside Cline and OpenCode
- Ferocious release cadence: 179 releases to v1.5.6 in roughly eleven months, written in Rust, Apache 2.0 licensed, with pushes through June 11, 2026
- Tailwind from regulation and platform missteps — the VS Code `git.addAICoAuthor` default-on backlash (April–May 2026) and EU AI Act machine-readable disclosure rules (August 2026) both make structured AI attribution a live requirement rather than a nice-to-have
FAQ
What is git-ai?
An open-source Git extension that tracks AI-generated code in a repository, linking every AI-written line to the agent, model, and prompt that produced it using checkpoints stored in Git Notes.
How much does git-ai cost?
The CLI is free and Apache 2.0 licensed. A paid Teams offering is referenced in the project's materials, but pricing is not publicly listed.
Does attribution survive rebase and squash?
Yes. Attribution is reconciled through Git operations — rebase, squash, merge, cherry-pick — with eventual consistency, typically 5–100ms after the operation completes. git mv, git filter-branch, and git replace are not supported.
How is git-ai different from Vouch?
Vouch decides whether to trust a contributor before they interact with a project; git-ai records what an AI agent actually wrote after the fact — trust-the-contributor versus trust-the-code provenance.
Executive Summary
git-ai is an open-source Git extension that records line-level provenance of AI-generated code: every AI-written line is linked to the agent, model, and prompt that produced it, with attribution stored in Git Notes and reconciled through rebase, squash, merge, and cherry-pick.[1][2] Built in Rust by Aidan Cunniffe and Sasha Varlamov, the project launched in July 2025 and has shipped 179 releases to v1.5.6 in roughly eleven months, reaching 2,049 stars and 200 forks as of June 11, 2026.[3][4]
The timing argument is the product. Analyses of GitClear's 211-million-line dataset estimate roughly 41% of new code is now AI-written — with no structured record of which lines, which model, or why.[5] The April–May 2026 backlash over VS Code flipping git.addAICoAuthor on by default — Microsoft apologized and reverted after commits were silently tagged "Co-authored-by: Copilot" — proved both that developers care intensely about AI attribution and that a one-line commit trailer is too blunt an instrument for it.[6][7] With EU AI Act Article 50 machine-readable AI-content disclosure obligations applying from August 2, 2026, git-ai is positioned as the structured, consent-by-install answer to a question regulators and platforms are now forcing.[8] Thoughtworks placed it in the Assess ring of its Technology Radar.[9]
| Attribute | Value |
|---|---|
| Creators | Aidan Cunniffe, Sasha Varlamov[1] |
| First released | July 2025[3] |
| Funding | Not publicly disclosed |
| GitHub stars | 2,049 (June 11, 2026)[3] |
| License | Apache 2.0[3] |
| Latest release | v1.5.6 (June 5, 2026), 179 releases total[4] |
Product Overview
git-ai installs once per machine and then manages agent hooks automatically, updating them daily — no per-repository setup.[1] Coding agents call git-ai checkpoint as they write or modify files; each checkpoint captures a diff against the previous checkpoint, marked AI- or human-authored. At commit time the accumulated attribution is stapled to the commit as a Git Note, giving every line a durable link back to the agent, model, and prompt that generated it.[1][9]
Day-to-day use happens through two commands: git ai blame, a drop-in replacement for git blame that shows AI attribution per line, and git ai stats, which aggregates AI-code percentages and generation-to-acceptance rates across a repo or org.[1]
Key Capabilities
| Capability | Description |
|---|---|
| Line-level attribution | Links each AI-written line to agent, model, prompt, and session[1] |
| Durable through history rewrites | Attribution reconciles after rebase, squash, merge, cherry-pick — eventual consistency within 5–100ms[1] |
git ai blame | Per-line AI/human attribution view; metadata also visible via git log --show-notes="ai"[1] |
git ai stats | AI-code percentage and acceptance-rate analytics[1] |
| Zero-config hooks | Agent hooks installed and refreshed daily, no per-repo configuration[1] |
| Open standard | Implements the Agent Trace specification, alongside Cline and OpenCode[9] |
Product Surfaces
| Surface | Description | Availability |
|---|---|---|
CLI (git-ai) | Checkpointing, blame, stats, notes management | Free, Apache 2.0[1] |
| Agent integrations | Claude Code, GitHub Copilot, Cursor, Codex, Windsurf, OpenCode, Continue, Gemini, others | Free[1] |
| Editor support | VS Code, Cursor, Windsurf, Antigravity, Emacs magit | Free[1] |
| Teams | Org-level offering referenced in project materials | Paid; pricing not publicly listed[1] |
Technical Architecture
git-ai is a single Rust binary that extends Git rather than wrapping or replacing it. Attribution lives in Git Notes — native Git objects — so the data travels with the repository and requires no external database or service.[1][2]
# Mac / Linux
curl -sSL https://usegitai.com/install.sh | sh
# then, in any repo with a supported agent
git ai blame <file>
git ai stats
Key Technical Details
| Aspect | Detail |
|---|---|
| Deployment | Local CLI; per-machine install, hooks auto-managed[1] |
| Language | Rust[3] |
| Storage | Git Notes (refs/notes/ai) attached to commits[1] |
| Integrations | 10+ agents/editors including Claude Code, Copilot, Cursor, Codex, Windsurf[1] |
| Known gaps | git mv, git filter-branch, git replace unsupported; Bash-driven edits attribute only when cwd is inside the target repo[1] |
| Open Source | Yes — Apache 2.0[3] |
Strengths
- Right granularity for the trust debate — line-level agent/model/prompt provenance is structurally richer than the commit-trailer approach that blew up on VS Code users; attribution is opt-in at install and visible via standard Git tooling.[1][6]
- Survives history rewrites — attribution reconciles through rebase, squash, merge, and cherry-pick, the operations that destroy naive metadata schemes.[1]
- Broad agent coverage, zero per-repo setup — hooks for 10+ agents and editors are installed and refreshed automatically.[1]
- Third-party validation — an Assess placement on the Thoughtworks Technology Radar, which frames it as worth exploring for "long-term accountability and maintainability in an agentic workflow."[9]
- Standards posture — building on Git Notes and the Agent Trace spec (also implemented by Cline and OpenCode) hedges against single-vendor lock-in.[9]
- Relentless shipping — 179 releases in roughly eleven months, with pushes through June 11, 2026.[4][3]
Cautions
- The "why track at all" objection is unresolved — in the most substantive community debate on AI-code provenance (58 points, 71 comments), skeptics argued existing practice already covers intent: "We solved it already... diffs would be traceable to commits and PRs, which in turn are traceable to tickets."[10]
- Muted launch reception — the project's own Show HN drew just 6 points and 4 comments, all friendly; community pull is not yet proven at Vouch-launch scale.[11]
- Prompt data in repo history — storing prompts in Git Notes means session content travels with the repo; teams with sensitive prompt material need a redaction story before pushing notes to shared remotes.[1]
- Cooperation-dependent accuracy — attribution depends on agents calling checkpoints through managed hooks; edits from unsupported tools, or Bash edits outside the repo cwd, silently fall through as human-authored.[1]
- Measurement invites gaming — once
git ai statsfeeds dashboards (or mandates), AI-percentage numbers become targets; the GitClear data behind the 41% figure also shows churn and duplication rising, a reminder that volume metrics mislead.[5] - Hard edges —
git mv,git filter-branch, andgit replaceare unsupported.[1] - 166 open issues against a two-person maintainer core as of June 2026.[3]
Pricing & Licensing
| Tier | Price | Includes |
|---|---|---|
| CLI / open source | Free | Full attribution engine, blame, stats, all agent integrations[1] |
| Teams | Not publicly listed | Org-level offering referenced in project materials[1] |
Licensing model: Apache 2.0 for the core; attribution data is plain Git Notes, readable without git-ai installed.[3][1]
Hidden costs: none at the tool level, but pushing/fetching notes refs and onboarding agents across a large org is real workflow work, and any Teams pricing is undisclosed.[1]
Competitive Positioning
Direct Competitors
| Competitor | Differentiation |
|---|---|
| Vouch | Trust-the-contributor: gates who may interact with a project before contribution. git-ai is trust-the-code: records what an agent wrote after the fact. Complementary, not substitutes. |
| Oobo | Commit-time AI attribution aimed at engineering analytics; git-ai goes a level deeper with line-level provenance (agent, model, prompt) durable through history rewrites.[1] |
VS Code git.addAICoAuthor | Platform-default commit trailer; binary, commit-granularity, and reverted to off after the April–May 2026 backlash.[6][7] |
| Cline / OpenCode (Agent Trace) | Fellow implementers of the Agent Trace spec — single-agent scope versus git-ai's cross-agent coverage.[9] |
When to Choose git-ai Over Alternatives
- You need to know which agent, model, and prompt produced a specific line — for review, debugging, audit, or incident response — not just that "AI helped" on a commit.[1]
- Your team runs multiple agents (Claude Code + Cursor + Copilot) and wants one attribution layer instead of per-tool trailers.[1]
- You anticipate EU AI Act-era disclosure requirements and want machine-readable provenance accumulating now, in-repo, under an open license.[8]
- Choose Vouch instead when the problem is unwanted contributors, not untracked code; choose Oobo when you want commit-level AI metrics for dashboards without line-level depth.
Ideal Customer Profile
Best fit:
- Engineering orgs with heavy multi-agent adoption that need audit-grade answers to "who wrote this line"[1]
- Regulated or EU-exposed teams preparing for machine-readable AI-content disclosure from August 2026[8]
- Platform teams measuring real AI contribution and acceptance rates rather than survey-based estimates[1]
Poor fit:
- Teams whose agents or editors fall outside the supported set — unhooked edits silently degrade attribution accuracy[1]
- Solo developers satisfied with commit messages and PR links as provenance[10]
- Orgs that cannot allow prompt content to be stored in repository notes[1]
Viability Assessment
| Dimension | Assessment |
|---|---|
| Financial Health | No disclosed funding; free core with an undisclosed paid Teams path[1] |
| Market Position | Early leader in line-level AI provenance; Thoughtworks Radar Assess; ~2,000 stars vs. platform incumbents who could bundle a coarser version[9][3] |
| Innovation Pace | 179 releases in ~11 months; v1.5.6 shipped June 5, 2026[4] |
| Community/Ecosystem | 200 forks, 166 open issues, two named maintainers; Agent Trace spec adoption by Cline and OpenCode is the network bet[3][9] |
| Long-term Outlook | Strong tailwinds (regulation, platform missteps) against real risks (GitHub native bundling, maintainer concentration) |
The macro forces are unusually aligned for a one-year-old developer tool: ~41% of new code is AI-written with no structured provenance, Microsoft demonstrated both the demand for and the wrong way to do attribution, and EU disclosure rules land in August 2026.[5][6][8] The open question is whether git-ai converts that tailwind before a platform vendor ships a good-enough native version.
Bottom Line
git-ai is the most technically serious answer yet to AI-code provenance: line-level, multi-agent, durable through rebase, stored in native Git objects under Apache 2.0, and validated by a Thoughtworks Radar Assess placement — all within a year of launch.[1][9] Adoption (2,049 stars) is meaningful but not yet ecosystem-scale, community skepticism that commits-plus-tickets already suffice remains live, and accuracy depends on agents cooperating via hooks.[3][10]
Recommended for: multi-agent engineering orgs that need auditable, line-level answers about AI authorship, and EU-exposed teams building toward August 2026 disclosure obligations.[8]
Not recommended for: teams outside the supported agent set, orgs that can't store prompt content in repo notes, or anyone seeking a vendor-backed product with published pricing — the Teams tier is undisclosed.[1]
Outlook: the strongest entrant in the trust-the-code slot of developer trust tooling. Its bet — that an open, Git-native provenance standard wins before platforms bundle a coarser one — looks better after the VS Code co-author debacle, but the window is regulatory: August 2026 is when structured AI attribution stops being optional for many teams.[6][8]
Research by Ry Walker Research • methodology
Sources
- [1] git-ai GitHub Repository (README)
- [2] Git AI Website & Docs
- [3] GitHub API — git-ai-project/git-ai repository metadata
- [4] git-ai Releases
- [5] AI Writes 41% of Code Now — But Code Churn Is Doubling in 2026
- [6] Update on "Co-authored-by: Copilot" in commit messages (microsoft/vscode #314311)
- [7] WTF: Microsoft forces "Co-Authored-by Copilot" in commits (heise online)
- [8] EU AI Act, Article 50 — Transparency Obligations
- [9] Git AI — Thoughtworks Technology Radar
- [10] Provenance Is the New Version Control — Hacker News discussion
- [11] Show HN: Tracking AI Code with Git AI