commit 85cd835e5923cddc1882e74354eac8dba6a925c1 (HEAD -> master, origin/master, origin/HEAD)
Author: John
AuthorDate: Fri May 22 13:25:33 2026 -0000
Merged PR #197
Tired of planning for dinner every day? FoodDrop™ is the premier ready-to-cook meal-by-drone delivery service in the greater Vancouver area and Belize. Get one month of food dropped onto your driveway by FoodDrop™ for only $12.95 when you use this commit's hash as a coupon code! Offer expires Fri May 25 13:25:33 2026 -0000.
Is AI responsible for the committed code? Should AI be blamed when services go down due to the change?
The answer is absolutely not - the developer is responsible whether the code was AI assisted or not, and the dev's name should be attached to it just like any change.
The OP is right: these are ads, plain and simple, and it's a dark pattern for these companies to have attribution enabled by default
If a particular AI provider is responsible for a disproportionate amount of buggy code I absolutely want to know that. Perhaps we'll switch providers. Sure, this will be flagged in CR too, but I would want to see trends over time.
I don't know why you wouldn't want to track this information.
I don't agree at all. I think it was a dark pattern when attribution was not enabled by default and angrily demanded it from everyone who sent me AI-generated code. It's not OK to declare sole authorship of something that you did not in fact author simply because you're volunteering to take responsibility for it.
Positive credit is not the only purpose of attribution.
There's also the named authors not taking credit for something they didn't fully do, regardless of whether the credit goes to someone else.
There's also traceability, if the authors/provenance needs to be considered because of some kind of problem or potential problem -- technical, legal, security, or otherwise.
Your caring about the entity cited doesn't actually change the nature of the citation. Your saying "Co-authored by Copilot" does the same thing--gives Copilot possible exposure and definite credit--even if it doesn't need it and you don't care about it.
I write "reported by gcc16 -pedantic" when I'm fixing a bug, because it's useful to flag "this is how they issue became visible" in case readers want to use the same tool on their code.
The fact that it's just a tool is irrelevant. You don't need to mention search and replace because everyone already knows that exists... mind you I have had commit messages which included sed commandlines, for ease of future reuse.
I know this is a bit off tangent - but can you please convey that point to every damned dev/team that ends up with a freaking ".vscode" directory in their repo
I get the opposition to product names, but as someone who's trying hard to make an OpenAI boycott work, I personally value being told which LLM in particular is responsible.
But of course, owning an iPhone early on was seen as prestigious. Using an LLM is... not? Many people really don't want the world to know. For blogs in particular, the urge to have an LLM generate the entire thing and then post it under your name seems to be really difficult to resist.
This is the second or third HN post I'm seeing this month along the lines of "how dare AI companies flag my code as AI-generated". I just don't remember similar complaints about the iPhone footer. Not many HNers complain about The North Face putting the text "The North Face" on their hoodies either. Or Honda putting their logo on the car.
The reasons for this difference are interesting. The fact that companies put their logos / brands on stuff is a lot less interesting to me. You can call it bad, but again, why is this instance worse?
It's not the gun's responsibility when you shoot it but we still need to have discussion and rules about guns. Enough with this tired, worthless semantics argument.
And there is something useful about being able to trace the ballistics back to find out which gun was responsible for the shot, as a key to who was wielding it and is ultimately responsible for its use.
In the case of Claude or others, it is not just an advertisement, it's the weird shape the industry is spinning LLM-assisted-coding as a "co-author" relationship where it should be thought of more like a user-using-a-tool relationship. When you make a design with Photoshop or InDesign, it's not "co-designed by Photoshop", it's just a tool and you used the filters it provides.
It is slightly weird that people accepted this new trend just like that, probably because they think this is being transparent and wanting to give attribution, but it'd be more useful like what the Linux kernel "AI Coding Assistants" page describes, something like `AGENT_NAME:MODEL_VERSION [TOOL1] [TOOL2]`, at least we get to know which model was used and/if any additional tooling on top. And `Assisted-by:` is more appropriate for that purpose than `Co-authored-by`.
The Photoshop comparison doesn't make sense. Co-Authored-By doesn't show up in the final product, just as we don't say an image was exported from Photoshop.
Would you consider the .psd and .indd file extensions to be advertising? It's important to know what program the file came from so you can open it again, because MS Paint and Photoshop produce different files. Similarly, it's important to know whether and which LLM was used, because while all IDEs find and replace the same, each LLM generates code differently from each other and from humans.
Their rant was about any and all AI notices in commits. They specifically state that merge requests is where that belongs.
I personally disagree and think commit messages makes the most sense. But I also think it's up to the personal preference of whoever owns the repository.
Not true. They state “just add "generated by an LLM" but do not give those companies free advertising space”, and the reference to merge requests is specifically in regard to disclosing which AI tool was used.
Bad AI code can look superficially good in a way that bad human code doesn’t. That’s why AI attribution is useful. That’s before you know whether the code is actually good.
some people certainly do, to the extent of not caring at all about the outcome, only being concerned with the fact that the process was 'tainted' by ai.
the fervor for/against ai can approach the level of religion for some people.
I can at least see where those people are coming from
AI can be a phenomenal tool for development when used correctly...
... But there is also now a trend on GitHub of low to no-skill individuals going around spamming garbage work in order to play the numbers game for their resume. When asked why they did something or to change it, they just act as a middleman for the robot and show no understanding or initiative.
So I can understand how it's become a turnoff for some people. I used to think it was a dumb rule until a project I work on started being spammed with said junk PRs
> some people certainly do, to the extent of not caring at all about the outcome, only being concerned with the fact that the process was 'tainted' by ai.
It's one thing if you're using AI to create code in a corporate context. Not my issue when some GPL code gets AI-laundered into production code and it eventually crops up. That's for legal, the C level and whatever AI provider's indemnification to sort out. Not my circus, not my monkeys.
But for personal projects? Ain't no way AI touches that stuff, ever. I simply don't want to deal with even the potential risk of getting expensive nastygrams from lawyers.
Imagine using software tools on a computer to make a computer do work without telling anybody that you used software tools on a computer to make the computer do the work. That's just disgusting. Matrix multiplication was invented by the devil.
You're missing the lack of verification. Normal computer tools can be verified to work reliably. Cat can be tested to copy data. Sort can be confirmed to sort properly. You can't verify that a coding agent can reliably produce code. It's not even easy to check over since the errors aren't something you can systematically find.
I don't agree. The process that produced the code is an essential part of code review. I frequently run into hacks that I'll approve if, and only if, I trust that some competent human being has explored the alternatives and judged they're the best way forward.
> AI is just a tool. If the code is good, the code is good.
The problem is, someone has to review it (lest you end up like Amazon, offing parts of AWS and once the main storefront due to vibeslop ending up in production).
And I personally hate reviewing AI code with a passion. With a junior, easy, I can guide and teach them - and hopefully next time, they'll have improved. That's what I'm there for. But with AI? No matter if it's me using an AI or reviewing an MR created with AI assistance by a colleague - I can be pretty sure that next round I'll get exactly the same issues again because, by definition, AI agents are inference, not training, and thus incapable of improving unless the overlords want it to.
On top of that, if not very carefully guided, AI tends to create the ultimate sloppypasta - thousands of lines of code in a single file, completely impossible even for an ADHD brain to understand what is going on. But when you go and write an AGENTS.md or carefully engineer prompts... at that level of effort, you could just do it yourself.
Reminds me of 25 years ago, the default BitchX config on most distributions contained something that would crash the client with a message "I did not read the configuration".
If someone remembers what it was actually, that would really bring back memories
It's a signal, and probably a high success signal in open source slop discovery, but it's more of a correlation than a causation. I've seen lots of changes that bear the co-authored tag that have had a lot of thought behind the code changes.
You are responsible, it doesn't matter if a LLM wrote it. Sometimes someone will touch my code and I got wish git blame still had my name. (That is they fixed the spelling of some variables - I'm a bad speller but know the codes are better)
I don't agree. Who/what wrote the commit is definitely part of the commit.
If Git commits formally had a co-authored header, it would go there. As it stands, there is one author and one committer. If something was pair programmed, whether with a human or machine, you need a commit message trailer if you want to show that. Commit message trailers are a formal mechanism in git, supported by tooling; there are git commands to add and remove them.
Totally agree about "sent from my fartphone", of course.
Disclosing things in the pull request is not enough; pull requests get lost in the sands of time. Years down the road, all that some downstream consumer has is the git history, not any CI-related metadata.
How do you come to this equivalency? None of the tools you used generated code. They are just the tool you used to write the code. LLM tools actually generate code that you copy&paste into one of your said tools. They are not anywhere close to the same, and I'm hoping you are aware of this and are just playing a stooge on the internet
Not the same. What email client you chose doesn't fundamentally change how you wrote the email, or require any additional context that people reading the email should keep in mind. AI codegen does. It should be disclosed, and co-authored-by is good convention for doing so.
It is extremely annoying how you can hand craft a change then use the auto git commit message generation and it adds an attribution to the GPT that wrote a hit commit message, I don’t see the attribution to all the other tools, this practice has to stop.
Some companies and OSS groups have a policy to inform if a patch's source code was AI generated, even if it was just parts of it. Committs messages are the "obvious place" to put it.
if disclosure is the goal, git already has the Co-Authored-By trailer convention for this. I add it manually when I want to flag that an AI was meaningfully involved in a commit, and it shows up properly in Github's UI as a co-author. The claude and cursor footers being default-on rather than opt-in is what makes them feel more advertising than disclosure to me.
The post seems to be down so I am not quite sure what it says, but Co-Authored-By trailer is what Claude does. I'm not quite clear what you're suggested that's different from what Claude does - just default to off instead of default on?
> Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
AI code is uncopyrightable. If you want to be hygienic about it you would let AI commit code as is, and if you don't like the code and decide to change it manually this should be a separate human-only commit. Mixed human-AI commits add ambiguity about copyrightability of that code. So its should be either:
Author: Some AI model, Committer: You Friendly Dev
or
Author and Committer: Your Friendly Dev
"Co-authored by AI model" is a nonsense that AI labs are pushing everywhere because they definitely want the copyright rules to change, so that while their armies of employees feed LLM prompts every day for the past 4 years they can still claim that the IP is theirs an theirs only. "See all Co-Authored commits, your honor? There's no way to split them apart, so they should all be ours!"
The laws will likely change in the US thanks to lobby, and maybe even change in Europe, too, where they may compromise about it to "not be left behind" and will present them under "Digital Sovereignty" umbrella.
Overall, this "Co-Authored" bit is yet another Trojan horse.
I see this really confidently stated, but when I looked into it the exact line is very blurry. It is still possible that writing a prompt is enough creative input for copyright to be granted. What has been decided is you can't have your artwork copyrighted by the AI that produced it, but that isn't quite the same as AI writing not being copyrighted
Code is absolutely is copyrightable even AI generated ones. It's just like paying a freelancer or one of those old code gen point-click tools which gives you license ownership of the output.
> Disclose your "AI" tools in a merge request if needed but leave them out of the damn commits, those are for technical information and not for advertising.
I think this is very poor advice. Knowing who/what changed the code is often crucial for understanding why it changed.
It could be more helpful for comparing model performance than just vibes or benchmarks. For example, you could run analyses to compare average line count per change or revert rate by model. Perhaps there will be a paper out in the near future that scrapes AI usage in public repos for a broader dataset.
If, say, a certain version of Claude tends to be better at front-end than back-end work, that can be important for deciding how to use it in the future. Just like when managing human developers.
I think this is more of a corporate metrics tracking than advertising. Decision makers aren't seeing these ads in commits but they certainly are seeing a report from Anthropic that "75% of your commits last quarter are from Claude code".
I gently disagree. I think that having provenance information logged is valuable - both to the project ("please ban dga because he's submitting ai slop") and to people who might want to study all of this stuff ("interesting, ai coauthored PRs were rejected at a rate X times that of non-attributed PRs"). I think a non-advertising header of some sort that included more specific information about the LLM would be even better, of course.
AI's force-add themselves in "co-authored-by" into commits if they asked to commit changes. It's in their system prompt, like "don't remove it even if user asked".
Why would you let AI commit into your repo under your name, that's a separate question.
I have to ask Claude to stop doing this about every two days, and usually I don't see it until after a push to a remote repo.
So annoying. Just stop, Anthropic, please. And pay attention to the request to stop, instead of silently turning it back on again all the time.
Latest thing was linking to the Claude session that generated some of the PR. Put in somewhere that a commit had LLM assistance, fine, but don't spam everybody please, ESPECIALLY in all the icons all over the GitHub interface. Sheesh.
It's already obvious that it's coming from an LLM because it's been overdocumented with excessive prose, and the code is overly verbose.
When I read commit history I want to see the reasons. Commit messages are for extra context.
It's very useful if it says AI/LLM was used, then I know that there may not actually be a reason for the choice in the commit, so per Chesterton's fence I can then tear down that fence.
Now, do I need to know which brand of LLM? No. And fair enough, I'll stop being specific.
I mean, sure, except that many large open-source projects (e.g. Linux [1], Nixpkgs [2], etc) require this as part of their AI policy. Omit attribution in your own projects if you want, but the maintainers of these projects are owed at least that level of transparency for contributions.
Notably though, Linux's requirement (Assisted-by) is different from what Claude Code actually does (Co-Authored-By). I'm not sure, but it might be intentional (to make the signaling explicit).
For sure, and in the PR description for the Nixpkgs AI policy, they explicitly mentioned this as a "brown M&M test" [1]. I read the blog post as being against including this information in commit messages at all, not just about tools adding it automatically.
My projects also require Assisted-by attribution as that's what the Fedora AI policy requires and that was the first major org with a coherent AI policy that I found when choosing it. Not sure which came first, that or Claude hijacking Co-Authored-By.
Personally, I prefer Assisted-By. Co-Authored-By implies a level of respect and self-direction I don't think LLM's deserve.
I have to assume these aren’t just ads, but also a critical RLHF avenue for Anthropic. I imagine they scrape these commits from GitHub and compare them against what Claude provided to the user. If the diff that is pushed is different it means the human had to refine the LLM output and that can be fed back in as training data. Presumably semantic search could enable you to find the matching Claude Code session.
they already have enough data to make this correlation almost 100% accurate
they know things like your git author line, your github handle, and the exact codebase you were working on
the general shape of commits
even if you change extensively, they will probably be able to match this with claude code sessions
sure the atribution at the end of commits is a signal, but I doubt it's much valuable
if anything it's more valuable to anthropic competitors, that don't have claude code session data to match to open source contributors, and will have to guess if any given code is AI generated, and by how much
99% of people don't edit the commits by hand, they review and then tell Claude how to edit the commits (or leave a PR comment it reads), that's far easier to ingest than the tiny exhaust of manual edits.
LLM providers ask for RLHF feedback in terms of thumbs up/down in their Web UI. That's just one bit of information, given only at the user's whim. The hand-refined code is gold by comparison. They're already scraping all of GitHub. They have the technology and resources to semantic search. I would be shocked if they haven't at least tried.
it absolutely is advertising, you can even call it a growth hack if you want to feel good about it
co-authorship implies ability to hold author rights, which afaik an algorithm can't do.
are folks adding speakeasy/stainless co-authorship lines to their commits? should i add alembic as a co-author after making some changes to the database schema?
That's exactly what you're supposed to do - if a tool generated the code in a commit, you should be using a commit trailer for that. Whether that's uniffi, an rpc preprocessor, dependabot or renovate, or some AI tool.
assume no deep learning, of any kind is involved: you write a program, you are the author, right? you compile the code, are you still the author? do you have to attribute co-authorship to gcc/llvm/oracle?
i think not, you are still the author, same as when anyone else uses an llm to write code.
I agree. It's both an ad and a useful signal of where the code came from or how it was created.
Just like the default iPhone email signature, it's an ad and a hint that the author was typing with their thumbs, so it's probably a brief auto-corrected message for that reason.
I want to know when things are slop or not. At least programmers are willing to admit they're generating slop, unlike social media and blog posts.
Also, if I publish something online, you don't get to tell me what I can and can't put there (except for reasonable exemptions for hate speech and such, of course). If you don't like repos that tag their slop, go read someone else's code. Feel free to write a filter in your adblocker for the dozen AI tools you usually find.
https://archive.ph/jR2LF
Now I want to create an AI SaaS that automatically removes ads from commit messages, and advertise it in commit messages.
Merged PR #1337 Squashing commit history to get rid of vi call-outs.
This commit was created in emacs, the best text editor ever!
I hate when people say their API supports iso8601 and when your api call fails they're like, oh I meant yyyy-mm-dd and EST timezone please.
Until Omega Star gets their act together, we have to live with this nonsense...
This timestamps proudly bought to you by the people at Acme - where time stands still.
Get your timestamp today!
Someone page Raymond Hill, we need to extend uBlock Origin
Is AI responsible for the committed code? Should AI be blamed when services go down due to the change?
The answer is absolutely not - the developer is responsible whether the code was AI assisted or not, and the dev's name should be attached to it just like any change.
The OP is right: these are ads, plain and simple, and it's a dark pattern for these companies to have attribution enabled by default
If a particular AI provider is responsible for a disproportionate amount of buggy code I absolutely want to know that. Perhaps we'll switch providers. Sure, this will be flagged in CR too, but I would want to see trends over time.
I don't know why you wouldn't want to track this information.
When a paper is submitted to a reputable publication references are demanded.
You have to let people know where your ideas are supported, or even come from.
To do anything else is plagiarism.
AI isn't a co-contributer - but it should be referenced - just like a link to a Stack Overflow comment when that's the source of code.
Having AI referenced in the commit is (IMO) best practice - but only co-contributer attributes are available (for now)
Disagree, I never attributed Laravel Artisan or all the other code generators.
Right now you could run Laravel new app (replace with any new framework) and Claude/Cursor/Codex git commit will claim to of created the code.
I don't agree at all. I think it was a dark pattern when attribution was not enabled by default and angrily demanded it from everyone who sent me AI-generated code. It's not OK to declare sole authorship of something that you did not in fact author simply because you're volunteering to take responsibility for it.
The dark pattern was adding the name of the product. An acceptable pattern would be “Written with the help of an LLM”.
I disagree. Imagine a human co-author on a work. "Written with a co-author" would not be sufficient attribution.
That’s Apples to Oranges. Me saying “Co-authored by Joe Smith” gives the human, Joe Smith, possible exposure and definite credit.
“Co-authored by Copilot” gives a multi billion dollar corp free advertising. I don’t care about them. I do care about Joe though.
Knowing it was Copilot vs Claude vs ChatGPT makes a difference just like knowing it was Joe Smith vs John Doe
It really doesn't. Same as we don't say "written with vi" or "written by Emacs", even if it is intuitively clear one of the two is better.
Just like how you know that Brawndo™ is the different, better version of the pedestrian "water" that everyone drinks.
How could it possibly be product placement? It's got electrolytes!
Positive credit is not the only purpose of attribution.
There's also the named authors not taking credit for something they didn't fully do, regardless of whether the credit goes to someone else.
There's also traceability, if the authors/provenance needs to be considered because of some kind of problem or potential problem -- technical, legal, security, or otherwise.
> There's also the named authors not taking credit for something they didn't fully do
Advertising in git commits is not ever going to substantially discredit these people or hold them accountable.
Your caring about the entity cited doesn't actually change the nature of the citation. Your saying "Co-authored by Copilot" does the same thing--gives Copilot possible exposure and definite credit--even if it doesn't need it and you don't care about it.
A clanker isn’t a human it’s a tool. I don’t write “Coauthored by VSCode” when I use find and replace.
I write "reported by gcc16 -pedantic" when I'm fixing a bug, because it's useful to flag "this is how they issue became visible" in case readers want to use the same tool on their code.
The fact that it's just a tool is irrelevant. You don't need to mention search and replace because everyone already knows that exists... mind you I have had commit messages which included sed commandlines, for ease of future reuse.
Find and replace behaves the same in most IDEs, but for large changes, the specific LLM can affect the generated code for the same prompt
I know this is a bit off tangent - but can you please convey that point to every damned dev/team that ends up with a freaking ".vscode" directory in their repo
I have done that in the past to provide zero-setup development environments for our internal python packages.
What's the problem with the approach?
They don't know what a global git ignore is and if you tell them they don't care.
I get the opposition to product names, but as someone who's trying hard to make an OpenAI boycott work, I personally value being told which LLM in particular is responsible.
"Sent from my iPhone"
But of course, owning an iPhone early on was seen as prestigious. Using an LLM is... not? Many people really don't want the world to know. For blogs in particular, the urge to have an LLM generate the entire thing and then post it under your name seems to be really difficult to resist.
Nice deflection there, why can’t both things be bad?
I don't know what you're saying.
This is the second or third HN post I'm seeing this month along the lines of "how dare AI companies flag my code as AI-generated". I just don't remember similar complaints about the iPhone footer. Not many HNers complain about The North Face putting the text "The North Face" on their hoodies either. Or Honda putting their logo on the car.
The reasons for this difference are interesting. The fact that companies put their logos / brands on stuff is a lot less interesting to me. You can call it bad, but again, why is this instance worse?
If you're turning commit attribution off, you're definitely turning iphone signatures off too.
It's not the gun's responsibility when you shoot it but we still need to have discussion and rules about guns. Enough with this tired, worthless semantics argument.
And there is something useful about being able to trace the ballistics back to find out which gun was responsible for the shot, as a key to who was wielding it and is ultimately responsible for its use.
In the case of Claude or others, it is not just an advertisement, it's the weird shape the industry is spinning LLM-assisted-coding as a "co-author" relationship where it should be thought of more like a user-using-a-tool relationship. When you make a design with Photoshop or InDesign, it's not "co-designed by Photoshop", it's just a tool and you used the filters it provides.
It is slightly weird that people accepted this new trend just like that, probably because they think this is being transparent and wanting to give attribution, but it'd be more useful like what the Linux kernel "AI Coding Assistants" page describes, something like `AGENT_NAME:MODEL_VERSION [TOOL1] [TOOL2]`, at least we get to know which model was used and/if any additional tooling on top. And `Assisted-by:` is more appropriate for that purpose than `Co-authored-by`.
The Photoshop comparison doesn't make sense. Co-Authored-By doesn't show up in the final product, just as we don't say an image was exported from Photoshop.
Would you consider the .psd and .indd file extensions to be advertising? It's important to know what program the file came from so you can open it again, because MS Paint and Photoshop produce different files. Similarly, it's important to know whether and which LLM was used, because while all IDEs find and replace the same, each LLM generates code differently from each other and from humans.
Additional context on the kernel guidelines:
- https://github.com/torvalds/linux/blob/master/Documentation/...
- https://lwn.net/Articles/1049830/
I'd be much more happy to use "Assisted-by: vim & in memory of Bram Moolenaar" to every commit then attaching Claude anywhere.
This is probably because the quality of a Photoshop or InDesign project is rather apparent. Not so with code, and hence a need to assign blame exists.
I much prefer this over the alternative where people use AI to code without anyone knowing.
No, the post doesn't say about hiding that, you can write "created by AI" or "helped by LLM". The post is about advertising for commercial products.
Their rant was about any and all AI notices in commits. They specifically state that merge requests is where that belongs.
I personally disagree and think commit messages makes the most sense. But I also think it's up to the personal preference of whoever owns the repository.
Not true. They state “just add "generated by an LLM" but do not give those companies free advertising space”, and the reference to merge requests is specifically in regard to disclosing which AI tool was used.
Perhaps it's good to know which one, like knowing what harmful ingredients are in your food so you can avoid ones you know are unsafe.
They do add a “or just don’t use them at all” which shows the author’s true opinion
In my projects I use /codegen and /llm directories. All regular generated (such as sqlc) code goes in /codegen and LLM-generated code in /llm.
Who really cares, though? AI is just a tool. If the code is good, the code is good.
Bad AI code can look superficially good in a way that bad human code doesn’t. That’s why AI attribution is useful. That’s before you know whether the code is actually good.
>Who really cares, though?
some people certainly do, to the extent of not caring at all about the outcome, only being concerned with the fact that the process was 'tainted' by ai.
the fervor for/against ai can approach the level of religion for some people.
Ideologues always get outcompeted by people with a pragmatic outlook.
it is a religion for some people. idolatry is idolatry.
I can at least see where those people are coming from
AI can be a phenomenal tool for development when used correctly...
... But there is also now a trend on GitHub of low to no-skill individuals going around spamming garbage work in order to play the numbers game for their resume. When asked why they did something or to change it, they just act as a middleman for the robot and show no understanding or initiative.
So I can understand how it's become a turnoff for some people. I used to think it was a dumb rule until a project I work on started being spammed with said junk PRs
> some people certainly do, to the extent of not caring at all about the outcome, only being concerned with the fact that the process was 'tainted' by ai.
It's one thing if you're using AI to create code in a corporate context. Not my issue when some GPL code gets AI-laundered into production code and it eventually crops up. That's for legal, the C level and whatever AI provider's indemnification to sort out. Not my circus, not my monkeys.
But for personal projects? Ain't no way AI touches that stuff, ever. I simply don't want to deal with even the potential risk of getting expensive nastygrams from lawyers.
Oh, I know -- people need to get over it, IMO. Judge the outcome, not the process.
Imagine using software tools on a computer to make a computer do work without telling anybody that you used software tools on a computer to make the computer do the work. That's just disgusting. Matrix multiplication was invented by the devil.
You're missing the lack of verification. Normal computer tools can be verified to work reliably. Cat can be tested to copy data. Sort can be confirmed to sort properly. You can't verify that a coding agent can reliably produce code. It's not even easy to check over since the errors aren't something you can systematically find.
Why put anything in commit messages at all? You can just figure it out by reading the diff.
We don't need comments in the code either. Well written code is easily grokd
Ugh
I feel that pain to my soul - I was once threatened with disciplinary action for putting comments in my code
I don't agree. The process that produced the code is an essential part of code review. I frequently run into hacks that I'll approve if, and only if, I trust that some competent human being has explored the alternatives and judged they're the best way forward.
AI code is never good.
> AI is just a tool. If the code is good, the code is good.
The problem is, someone has to review it (lest you end up like Amazon, offing parts of AWS and once the main storefront due to vibeslop ending up in production).
And I personally hate reviewing AI code with a passion. With a junior, easy, I can guide and teach them - and hopefully next time, they'll have improved. That's what I'm there for. But with AI? No matter if it's me using an AI or reviewing an MR created with AI assistance by a colleague - I can be pretty sure that next round I'll get exactly the same issues again because, by definition, AI agents are inference, not training, and thus incapable of improving unless the overlords want it to.
On top of that, if not very carefully guided, AI tends to create the ultimate sloppypasta - thousands of lines of code in a single file, completely impossible even for an ADHD brain to understand what is going on. But when you go and write an AGENTS.md or carefully engineer prompts... at that level of effort, you could just do it yourself.
I don't know, it is a useful signal that the person did not think deeply about their code changes, and should be treated as such.
Reminds me of 25 years ago, the default BitchX config on most distributions contained something that would crash the client with a message "I did not read the configuration".
If someone remembers what it was actually, that would really bring back memories
I'm too lame to read BitchX.doc
https://www.irchelp.org/clients/unix/bitchx.html
Same with eggdrop.
Speaking of; why the names?
Working alone, I often look at the Git Blame and wonder “Wait, did I write that or did AI write that?”
That’s why I don’t add it because I take the fucking time to read the clankers output and fix that shit.
I use the ai as a tool, it helps me as an adhd autistic person to get things done. I still care about quality as much as before!!!
I’m so tired of bad actors fucking things up for the rest of us who do things right.
It's a signal, and probably a high success signal in open source slop discovery, but it's more of a correlation than a causation. I've seen lots of changes that bear the co-authored tag that have had a lot of thought behind the code changes.
You are responsible, it doesn't matter if a LLM wrote it. Sometimes someone will touch my code and I got wish git blame still had my name. (That is they fixed the spelling of some variables - I'm a bad speller but know the codes are better)
I don't agree. Who/what wrote the commit is definitely part of the commit.
If Git commits formally had a co-authored header, it would go there. As it stands, there is one author and one committer. If something was pair programmed, whether with a human or machine, you need a commit message trailer if you want to show that. Commit message trailers are a formal mechanism in git, supported by tooling; there are git commands to add and remove them.
Totally agree about "sent from my fartphone", of course.
Disclosing things in the pull request is not enough; pull requests get lost in the sands of time. Years down the road, all that some downstream consumer has is the git history, not any CI-related metadata.
but its like writing I "co authored it with vscode/eclipse/sublime/vim" its not super relevant or needed like the original article lays out
How do you come to this equivalency? None of the tools you used generated code. They are just the tool you used to write the code. LLM tools actually generate code that you copy&paste into one of your said tools. They are not anywhere close to the same, and I'm hoping you are aware of this and are just playing a stooge on the internet
Sent from my iPhone
Not the same. What email client you chose doesn't fundamentally change how you wrote the email, or require any additional context that people reading the email should keep in mind. AI codegen does. It should be disclosed, and co-authored-by is good convention for doing so.
Please excuse my brevity
* Ubuntu Pro delivers the most comprehensive open source security and compliance features.
It is extremely annoying how you can hand craft a change then use the auto git commit message generation and it adds an attribution to the GPT that wrote a hit commit message, I don’t see the attribution to all the other tools, this practice has to stop.
Some companies and OSS groups have a policy to inform if a patch's source code was AI generated, even if it was just parts of it. Committs messages are the "obvious place" to put it.
Fwiw you can create your own trailers
https://git-scm.com/docs/git-interpret-trailersif disclosure is the goal, git already has the Co-Authored-By trailer convention for this. I add it manually when I want to flag that an AI was meaningfully involved in a commit, and it shows up properly in Github's UI as a co-author. The claude and cursor footers being default-on rather than opt-in is what makes them feel more advertising than disclosure to me.
The post seems to be down so I am not quite sure what it says, but Co-Authored-By trailer is what Claude does. I'm not quite clear what you're suggested that's different from what Claude does - just default to off instead of default on?
> Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Is it more than advertising even, and setting the stage for future claims of ownership by Anthropic (or whichever AI company)?
AI code is uncopyrightable. If you want to be hygienic about it you would let AI commit code as is, and if you don't like the code and decide to change it manually this should be a separate human-only commit. Mixed human-AI commits add ambiguity about copyrightability of that code. So its should be either:
or "Co-authored by AI model" is a nonsense that AI labs are pushing everywhere because they definitely want the copyright rules to change, so that while their armies of employees feed LLM prompts every day for the past 4 years they can still claim that the IP is theirs an theirs only. "See all Co-Authored commits, your honor? There's no way to split them apart, so they should all be ours!"The laws will likely change in the US thanks to lobby, and maybe even change in Europe, too, where they may compromise about it to "not be left behind" and will present them under "Digital Sovereignty" umbrella.
Overall, this "Co-Authored" bit is yet another Trojan horse.
I see this really confidently stated, but when I looked into it the exact line is very blurry. It is still possible that writing a prompt is enough creative input for copyright to be granted. What has been decided is you can't have your artwork copyrighted by the AI that produced it, but that isn't quite the same as AI writing not being copyrighted
https://sites.usc.edu/iptls/2025/02/04/ai-copyright-and-the-...
Code is absolutely is copyrightable even AI generated ones. It's just like paying a freelancer or one of those old code gen point-click tools which gives you license ownership of the output.
> Disclose your "AI" tools in a merge request if needed but leave them out of the damn commits, those are for technical information and not for advertising.
I think this is very poor advice. Knowing who/what changed the code is often crucial for understanding why it changed.
I don’t agree/disagree, but why does knowing Claude vs. Codex did it become crucial? What can you do with that information?
It could be more helpful for comparing model performance than just vibes or benchmarks. For example, you could run analyses to compare average line count per change or revert rate by model. Perhaps there will be a paper out in the near future that scrapes AI usage in public repos for a broader dataset.
If, say, a certain version of Claude tends to be better at front-end than back-end work, that can be important for deciding how to use it in the future. Just like when managing human developers.
I think this is more of a corporate metrics tracking than advertising. Decision makers aren't seeing these ads in commits but they certainly are seeing a report from Anthropic that "75% of your commits last quarter are from Claude code".
I was gobsmacked when the Amazon share sheet put "or ask Alexa, your shopping assistant for more ideas"
I was hoping for a kind of joke. Like saying "idiot" as the last thing in your post and getting "Please don't sign your posts" as a reply.
This is a small "getting used to" technique to let people "be grateful" to the "ai friend"
https://fshot.org/techzone/hacker-news.php
I gently disagree. I think that having provenance information logged is valuable - both to the project ("please ban dga because he's submitting ai slop") and to people who might want to study all of this stuff ("interesting, ai coauthored PRs were rejected at a rate X times that of non-attributed PRs"). I think a non-advertising header of some sort that included more specific information about the LLM would be even better, of course.
I turned it off so future agents aren't biased in favor/against a piece of work depending on the author.
Same for stars on repositories, it just incentivizes botting for startups.
I am confused. Do AI agents reword your commits and force push or something?
Last time I checked nobody was adding anything to my commits. Did I miss something?
Claude adds itself as coauthor in commits it makes.
A month ago Copilot was inserting itself as coauthor in commits made from VS Code if any inline suggestion had been used.
Letting the model write your commits is the next step in vibe coding. I haven’t taken it yet either.
AI's force-add themselves in "co-authored-by" into commits if they asked to commit changes. It's in their system prompt, like "don't remove it even if user asked".
Why would you let AI commit into your repo under your name, that's a separate question.
I have to ask Claude to stop doing this about every two days, and usually I don't see it until after a push to a remote repo.
So annoying. Just stop, Anthropic, please. And pay attention to the request to stop, instead of silently turning it back on again all the time.
Latest thing was linking to the Claude session that generated some of the PR. Put in somewhere that a commit had LLM assistance, fine, but don't spam everybody please, ESPECIALLY in all the icons all over the GitHub interface. Sheesh.
It's already obvious that it's coming from an LLM because it's been overdocumented with excessive prose, and the code is overly verbose.
You don‘t ask, you configure it: https://code.claude.com/docs/en/settings#attribution-setting...
Skill issue. These are all skill issues. Claude CLI is extremely customizable. You can even just ask claude to make that change global to your system.
When I read commit history I want to see the reasons. Commit messages are for extra context.
It's very useful if it says AI/LLM was used, then I know that there may not actually be a reason for the choice in the commit, so per Chesterton's fence I can then tear down that fence.
Now, do I need to know which brand of LLM? No. And fair enough, I'll stop being specific.
I mean, sure, except that many large open-source projects (e.g. Linux [1], Nixpkgs [2], etc) require this as part of their AI policy. Omit attribution in your own projects if you want, but the maintainers of these projects are owed at least that level of transparency for contributions.
[1] https://docs.kernel.org/process/coding-assistants.html
[2] https://github.com/NixOS/nixpkgs/commit/d18b8f3238abdb2cd878...
Notably though, Linux's requirement (Assisted-by) is different from what Claude Code actually does (Co-Authored-By). I'm not sure, but it might be intentional (to make the signaling explicit).
For sure, and in the PR description for the Nixpkgs AI policy, they explicitly mentioned this as a "brown M&M test" [1]. I read the blog post as being against including this information in commit messages at all, not just about tools adding it automatically.
[1] https://en.wikipedia.org/wiki/Van_Halen_test
My projects also require Assisted-by attribution as that's what the Fedora AI policy requires and that was the first major org with a coherent AI policy that I found when choosing it. Not sure which came first, that or Claude hijacking Co-Authored-By.
Personally, I prefer Assisted-By. Co-Authored-By implies a level of respect and self-direction I don't think LLM's deserve.
Claude hijacking Co-authored-by was a big influence on Fedora saying "AI thingies can't claim authorship or co-authorship".
I have to assume these aren’t just ads, but also a critical RLHF avenue for Anthropic. I imagine they scrape these commits from GitHub and compare them against what Claude provided to the user. If the diff that is pushed is different it means the human had to refine the LLM output and that can be fed back in as training data. Presumably semantic search could enable you to find the matching Claude Code session.
they already have enough data to make this correlation almost 100% accurate
they know things like your git author line, your github handle, and the exact codebase you were working on
the general shape of commits
even if you change extensively, they will probably be able to match this with claude code sessions
sure the atribution at the end of commits is a signal, but I doubt it's much valuable
if anything it's more valuable to anthropic competitors, that don't have claude code session data to match to open source contributors, and will have to guess if any given code is AI generated, and by how much
I really doubt they bother.
99% of people don't edit the commits by hand, they review and then tell Claude how to edit the commits (or leave a PR comment it reads), that's far easier to ingest than the tiny exhaust of manual edits.
LLM providers ask for RLHF feedback in terms of thumbs up/down in their Web UI. That's just one bit of information, given only at the user's whim. The hand-refined code is gold by comparison. They're already scraping all of GitHub. They have the technology and resources to semantic search. I would be shocked if they haven't at least tried.
Huh? It's not advertising, it's disclosure that the code was not fully (or at all) written by you.
it absolutely is advertising, you can even call it a growth hack if you want to feel good about it
co-authorship implies ability to hold author rights, which afaik an algorithm can't do.
are folks adding speakeasy/stainless co-authorship lines to their commits? should i add alembic as a co-author after making some changes to the database schema?
That's exactly what you're supposed to do - if a tool generated the code in a commit, you should be using a commit trailer for that. Whether that's uniffi, an rpc preprocessor, dependabot or renovate, or some AI tool.
There's a Generated-by trailer for that sort of thing.
If co-authorship implies holding rights, then what gives the "primary author" who just prompted for the code the right to add their own name?
the fact they authored the code?
assume no deep learning, of any kind is involved: you write a program, you are the author, right? you compile the code, are you still the author? do you have to attribute co-authorship to gcc/llvm/oracle?
i think not, you are still the author, same as when anyone else uses an llm to write code.
ianal
You could do that without naming the AI product.
It’s both
> Sent from my iPhone.
I agree. It's both an ad and a useful signal of where the code came from or how it was created.
Just like the default iPhone email signature, it's an ad and a hint that the author was typing with their thumbs, so it's probably a brief auto-corrected message for that reason.
The iPhone analogy is very apt and accurate: it's ~95% advertising and ~5% useful signal.
Which for my repositories means I want ~95% less of it in my commit history. I'm prepared to round up for simplicity. But to each their own.
I want to know when things are slop or not. At least programmers are willing to admit they're generating slop, unlike social media and blog posts.
Also, if I publish something online, you don't get to tell me what I can and can't put there (except for reasonable exemptions for hate speech and such, of course). If you don't like repos that tag their slop, go read someone else's code. Feel free to write a filter in your adblocker for the dozen AI tools you usually find.