DEV Community

Meet checkOwners: confidence-scored CODEOWNERS from your git history

"Who owns this code?" is a question most teams answer with folklore. GitHub's CODEOWNERS file is supposed to answer it, but it gets written once, rots quietly, and keeps routing reviews to people who changed teams a year ago. checkOwners answers it from evidence instead.

It's an open-source CLI that reads your git history and writes your CODEOWNERS file for you. Pure git, no LLMs.

How it works

checkowners analyze reads git log and git blame (in parallel, only over paths that can actually produce owners; a 24k-commit monorepo analyzes in under two minutes) into a confidence-scored ownership map cached per repo under ~/.checkowners/. Commit emails resolve to GitHub @handles (noreply emails locally with no token, the rest via the GitHub API), and same-person identities merge so bus factors count people, not email addresses. From that map, generate writes a CODEOWNERS file.

Ownership isn't binary

Nobody owns a path absolutely; they own it with some confidence. checkOwners scores every path and owner pair between 0.0 and 1.0 from four signals:

  • Commit recency (exponential decay, 90-day half-life by default)
  • Commit frequency
  • Blame coverage
  • PR review activity (optional, via the GitHub API)

The generated file ranks owners by that score, and uniform directories consolidate into single rules like /src/ @alice instead of hundreds of per-file lines. Commit emails resolve to GitHub handles (noreply addresses parse locally, zero API calls), and same-person identities merge, so one human committing from two addresses is one owner, not two.

Beyond generation

Because the ownership map is confidence-scored, it can answer second-order questions:

  • bus-factor: which paths does exactly one person understand, and who should back them up
  • decay: which owners quietly stopped touching what they own, and where to transfer knowledge
  • drift: where the committed CODEOWNERS disagrees with inferred reality, using GitHub's real pattern-matching semantics (segment-bounded globs, root anchoring, last match wins)
  • topology: team boundaries inferred from commit co-occurrence
  • balance: overloaded reviewers and suggested redistribution
  • onboard: a learning path for new hires, from broad-ownership files to deep-expertise ones
  • trends: how ownership confidence and bus factor evolve over time

Quick start

pip install checkowners
checkowners analyze   # confidence-scored inference
checkowners generate  # write CODEOWNERS
checkowners drift     # committed file vs reality

Every command supports --json. In CI, the GitHub Action runs the whole flow on pull requests, maintains one continuously updated drift comment per PR, and can fail the build on drift.

One PSA, even if you never install it

GitHub silently ignores CODEOWNERS lines containing character ranges like [...]. No error, no warning, anywhere. If your hand-written file covers Next.js dynamic routes such as app/[companyId]/, those paths may have no owner right now. checkOwners always emits GitHub-valid patterns, but either way: go check your file.

Trust notes

Tested against a production monorepo (24k commits, 12k active files); a full analysis takes under 3 minutes. It refuses to overwrite a hand-written CODEOWNERS without --force, all state stays local under ~/.checkowners/, and GitHub API access is strictly opt-in.

pip install checkowners (GitHub). If it misbehaves on your monorepo, open an issue.

Comments

No comments yet. Start the discussion.