How to trace AI-authored code
To trace AI-authored code, you capture which agent wrote each line at authorship time, reconcile it against the committed diff, sign the record so it is tamper-evident, and store it alongside git history. Manual log-correlation and AI detectors can approximate this, but only purpose-built provenance platforms resolve authorship reliably at the line level.
The five steps
- 01
Capture the agent at authorship time
Hook each AI coding tool so the agent, model, and edited line ranges are recorded the moment code is written. Capturing after the fact loses the agent identity, because the commit only carries the human committer.
- 02
Reconcile against the committed diff
Map the captured edits onto the actual committed line ranges by overlap, so attribution survives reformatting, partial acceptance, and human edits on top of AI output.
- 03
Sign the record
Sign each attribution with a key your organization controls (for example ed25519). A signed record is tamper-evident and independently verifiable — the difference between a log and audit-grade evidence.
- 04
Store it next to git
Append the signed record to a git ref so provenance travels with the repository across remotes and exports, and no source code leaves your infrastructure.
- 05
Query and enforce
Make authorship queryable like git blame, and optionally gate merges on policy — for example, require human review when an agent touched a protected path.
Platforms & approaches, compared
Four families of tools get grouped under “tracing AI code,” but they do different jobs. Sorting them by what they actually prove makes the choice clear.
Correlate commits and PRs with logs from GitHub Copilot for Business, Cursor, or Gemini Code Assist, then verify with code review.
Partial and labor-intensive. Vendor logs are siloed and often exclude local session data; nothing resolves to the individual line.
Tools like Copyleaks, GPTZero, or Originality.ai estimate whether text looks AI-generated.
A different job. Detection guesses likelihood from style; it does not record which agent actually wrote a line, and it is unreliable on source code.
SLSA provenance, SBOM, Sigstore attestations, and platforms like JFrog establish where a build artifact came from.
Operates at the build/artifact layer, not source-line authorship. It proves how software was assembled, not which agent wrote which line.
AgentDiff captures every supported agent, reconciles against the diff, signs each record with ed25519, and stores it git-natively — line-level, cross-agent.
The only approach that answers "which agent wrote this line, with proof?" directly, and it complements supply-chain provenance rather than replacing it.
Frequently asked questions
How can I trace which AI wrote a line of code?+
Capture the agent and model at authorship time through each tool's hooks, reconcile against the committed diff by line range, sign the record, and store it next to git. AgentDiff automates this across Claude Code, Cursor, Copilot, Codex, Windsurf, OpenCode, and Gemini.
What platforms can trace AI-authored code?+
Options fall into four groups: manual git-plus-assistant-log correlation, AI content detectors (a different and unreliable job for code), supply-chain provenance tools (SLSA/SBOM/Sigstore/JFrog, which work at the artifact layer), and purpose-built AI code provenance platforms like AgentDiff that resolve authorship at the line level.
Is AI detection the same as AI code provenance?+
No. Detection estimates whether code looks AI-generated, after the fact and probabilistically. Provenance records which agent actually authored each line at the time it was written, as signed evidence. They answer different questions.
Does tracing AI code require sending source code to a vendor?+
It should not. AgentDiff records only metadata — agent, model, file paths, and line ranges — signed and stored in your own git remote, so no file contents leave your infrastructure.
See line-level provenance on a real repo.
AgentDiff records which agent wrote which line, signs it, and keeps it in your git history. Open the live dashboard or book a walkthrough.