Build a 30-Line Provenance Log for AI-Generated Code
Structure of the Provenance Log
Use an append-only JSONL log. It should record the task, constraints, model or tool, input commit, accepted output commit, verification command, and human decision-never raw secrets or an entire private prompt.
import { appendFileSync } from "node:fs";
import { execFileSync } from "node:child_process";
const git = (...args) => execFileSync("git", args, { encoding: "utf8" }).trim();
const entry = {
at: new Date().toISOString(),
task: process.argv[2],
constraints: process.argv[3].split(","),
input: git("rev-parse", "HEAD"),
verify: process.argv[4],
decision: "pending"
};
appendFileSync(".provenance.jsonl", JSON.stringify(entry) + "\n");
Committing the Log
Commit the log beside an architecture decision record. After review, add a second event containing the output commit, test result, reviewer, and accept/reject reason. Events are safer than rewriting history because retries and reversals remain visible.
What the Chain Provides
This does not prove authorship, correctness, or license compatibility. It creates a searchable chain from intent to evidence. That chain lets you replace a model, regenerate an implementation, or explain why a strange constraint exists six months later. The durable asset is not a pile of generated lines. It is the verified intent that makes those lines replaceable.
Comments
No comments yet. Start the discussion.