dicts incident resolution time isn't code coverage—it's design traceability.
Core Solution
Restoring accountability requires replacing passive acceptance with active cognitive ownership. The implementation spans three layers: repository auditing, commit standardization, and pre-merge verification gates.
1. Repository Composition Audit
Standard git blame output is human-readable but machine-unfriendly. To isolate AI contribution density in critical paths, parse porcelain output and aggregate by directory pattern.
// audit-ai-density.ts
import { execSync } from 'child_process';
import * as fs from 'fs';
import * as path from 'path';
interface LineMetadata {
author: string;
file: string;
line: number;
}
function parseBlamePorcelain(filePath: string): LineMetadata[] {
const output = execSync(`git blame --line-porcelain "${filePath}"`, { encoding: 'utf-8' });
const lines = output.split('\n');
const metadata: LineMetadata[] = [];
let currentAuthor = 'unknown';
for (const line of lines) {
if (line.startsWith('author ')) {
currentAuthor = line.replace('author ', '');
} else if (line.startsWith('\t')) {
metadata.push({ author: currentAuthor, file: filePath, line: metadata.length + 1 });
}
}
return metadata;
}
function calculateDensity(targetDir: string): Record<string, number> {
const files = execSync(`find ${targetDir} -type f -name "*.ts" -o -name "*.tsx"`, { encoding: 'utf-8' })
.trim()
.split('\n')
.filter(Boolean);
const counts: Record<string, number> = { human: 0, ai: 0 };
for (const file of files) {
const blameData = parseBlamePorcelain(file);
for (const entry of blameData) {
// Heuristic: AI authors typically contain known tool identifiers or lack git config names
const isAI = /claude|copilot|cursor|ai-assist/i.test(entry.author) || entry.author === 'unknown';
counts[isAI ? 'ai' : 'human']++;
}
}
return counts;
}
// Usage: node --loader ts-node/esm audit-ai-density.ts
const density = calculateDensity('./src/services');
const total = density.human + density.ai;
console.log(`Human: ${((density.human / total) * 100).toFixed(1)}% | AI: ${((density.ai / total) * 100).toFixed(1)}%`);
Architecture Rationale: Porcelain format guarantees stable parsing across git versions. The heuristic author filter can be replaced with explicit .git-blame-ignore-revs or custom author tags. Directory scoping prevents noise from config files, generated types, and vendor dependencies.
2. Design-Context Commit Standard
Never merge AI-generated logic without capturing the architectural decision. Standardize a [DESIGN-TRACE] block in commit messages.
git commit -m "feat: implement retry handler with jittered backoff
[DESIGN-TRACE]
Prompt: Generate retry strategy for async worker queue handling thundering herd.
Decision: Exponential backoff with random jitter over fixed polling.
Rationale: Event volume spikes to ~500/min during peak; fixed intervals cause DB connection exhaustion.
Reviewed: Delay calculation, non-retryable error classification, idempotency keys.
Unreviewed: Event ordering edge cases under partition recovery.
Session: claude-session-8f3a2b1c"
Architecture Rationale: Structured commit blocks enable automated parsing by CI pipelines and incident management tools. Explicitly separating reviewed vs. unreviewed sections creates a risk boundary. Session IDs link commits to conversation logs for postmortem reconstruction.
3. Cognitive Verification Protocol
Replace the "two-sentence rule" with a formalized verification gate. Before merging, the committer must satisfy the Explanation Threshold:
- Traceability: Can you map the implementation to a specific prompt and design constraint?
- Failure Mode Awareness: Can you list at least two ways this logic degrades under load?
- Modification Confidence: Can you refactor one component without breaking the execution path?
If any condition fails, the code must be treated as a third-party dependency: instrumented, audited, and documented before merge.
Pitfall Guide
1. The "Green Test" Fallacy
Explanation: Assuming passing unit and integration tests equals production readiness. Tests verify expected paths, not architectural tradeoffs or failure boundaries.
Fix: Require failure-mode documentation alongside test suites. Add chaos engineering probes for retry logic, timeout handling, and concurrency limits before merging AI-generated handlers.
2. Ephemeral Context Loss
Explanation: Design rationale lives exclusively in chat windows that expire, get truncated, or are cleared. Repository history becomes a black box.
Fix: Enforce commit message templates that mandate rationale extraction. Archive critical AI sessions to docs/ai-decisions/ with deterministic filenames matching commit hashes.
3. Blame Attribution Drift
Explanation: git blame attributes commits to the human who merged, masking the actual logic generator. Incident responders waste time tracing commits that lead to dead ends.
Fix: Implement a pre-commit hook that validates [DESIGN-TRACE] presence for files in critical directories. Use git log --grep="DESIGN-TRACE" to filter AI-assisted changes during incident triage.
4. License & DCO Blind Spots
Explanation: Submitting AI-generated code to open-source projects or internal monorepos with strict attribution policies violates Developer Certificate of Origin (DCO) requirements. Many foundations explicitly restrict unverified AI contributions.
Fix: Run automated license scanning (license-checker, FOSSA) on AI-generated modules. Add a AI-CONTRIBUTION: true tag to package.json or CODEOWNERS for compliance auditing.
5. Complexity Threshold Ignorance
Explanation: Merging highly complex AI output without cognitive verification creates unmaintainable debt. Cyclomatic complexity and nested conditionals compound rapidly.
Fix: Integrate complexity-report into CI. Block merges if AI-generated files exceed a cyclomatic complexity threshold (e.g., >15 per function) without explicit rationale and test coverage.
6. Postmortem Traceability Failure
Explanation: Incident reports blame the committer, but resolution requires understanding the AI's original constraint interpretation. Without session linkage, debugging becomes guesswork.
Fix: Map commit hashes to AI session IDs in a lightweight tracking table. Export conversation logs to immutable storage (S3/GCS) with retention policies aligned with SLA requirements.
7. Over-Reliance on Heuristic Author Detection
Explanation: Assuming AI authors can be reliably identified by name patterns fails when developers manually edit AI output or use custom git configs.
Fix: Shift from author-based detection to content-based analysis. Use static analysis tools to flag functions with high AI-generation probability (e.g., specific comment patterns, boilerplate structures) and enforce context tags regardless of author metadata.
Production Bundle
Action Checklist
Decision Matrix
| Scenario | Recommended Approach | Why | Cost Impact |
|---|
| Internal SaaS backend | Enforce [DESIGN-TRACE] + session archiving | Operational accountability outweighs legal risk; postmortems require traceability | Low (tooling overhead) |
| Open-source contribution | Strict DCO compliance + manual audit | Foundation policies restrict unverified AI code; legal exposure is high | Medium (review time) |
| Rapid prototyping | Lightweight tracking + post-merge documentation | Speed prioritized; context can be backfilled before production promotion | Low |
| Regulated/financial systems | Full cognitive verification + complexity gates | Failure tolerance is near zero; audit trails must be deterministic | High (process overhead) |
Configuration Template
# .gitmessage
# Copy to .git/hooks/commit-msg and chmod +x
commit_msg=$(cat "$1")
if echo "$commit_msg" | grep -qE "feat:|fix:|refactor:"; then
if ! echo "$commit_msg" | grep -q "\[DESIGN-TRACE\]"; then
echo "ERROR: AI-assisted commits require [DESIGN-TRACE] block."
echo "Prompt, decision, rationale, reviewed/unreviewed sections, and session ID are mandatory."
exit 1
fi
fi
# Validate complexity threshold (requires complexity-report installed)
if command -v complexity-report &> /dev/null; then
complexity=$(complexity-report --threshold 15 --path src/services)
if [ $? -ne 0 ]; then
echo "ERROR: Cyclomatic complexity exceeds threshold. Refactor or provide explicit rationale."
exit 1
fi
fi
// .github/workflows/ai-traceability.yml
name: AI Traceability Check
on: [pull_request]
jobs:
validate-trace:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Check DESIGN-TRACE presence
run: |
git log --oneline origin/main..HEAD | while read hash msg; do
if echo "$msg" | grep -qE "feat:|fix:"; then
if ! git show "$hash" | grep -q "\[DESIGN-TRACE\]"; then
echo "Missing DESIGN-TRACE in $hash"
exit 1
fi
fi
done
- name: Scan AI-generated modules
run: npx license-checker --summary --failOn "AGPL-3.0"
Quick Start Guide
- Initialize tracking: Run the density audit script against your core business logic directory. Record the human/AI split and identify files exceeding 50% AI contribution.
- Configure commit hooks: Place the
.gitmessage template in your repository root. Add a prepare-commit-msg hook to auto-populate the [DESIGN-TRACE] structure for AI-assisted changes.
- Establish session mapping: Create a
docs/ai-decisions/ directory. For every AI-generated merge, export the conversation log and name it {commit-hash}.md. Link it in the commit message.
- Enforce in CI: Add the traceability workflow to your repository. Block merges that lack design rationale or exceed complexity thresholds.
- Update incident response: Modify your runbook to search
[DESIGN-TRACE] blocks instead of relying on git blame. Map session IDs to archived logs for faster root-cause analysis.
Operational accountability isn't about restricting AI usage. It's about ensuring that every line of code entering production carries its own architectural memory. When the system fails, the answer shouldn't be "who committed it?" It should be "why was it built this way, and who understands the tradeoff?"
