See how much of your code AI wrote, and whether you can trust it.
repowise attributes commits to the agents that wrote them, then shows which of that code is a low-health hotspot owned by a single person. From your git history alone. No IDE plugins, no developer surveillance.
A growing share of your codebase is now written by AI agents, and almost no one can tell you which code that is, or whether it is the code most likely to break.
Knowing your repo is 40-something percent AI-written is a headline, not a plan. The signal that matters is narrower and sharper: AI-written code that is also a low-health hotspot owned by a single person. repowise computes that intersection from git history alone, with no plugins to install and no developers to watch.
From a percentage to a risk surface.
Attribution, fused with the defect-validated health score and bus-factor ownership, all from history.
Commit attribution by agent, from git history alone
repowise reads your existing git history and attributes commits to the AI agents that produced them. No IDE plugin, no keystroke capture, no model deciding authorship. The result is your true AI-code footprint across the codebase, computed deterministically from the same log you already have.
- Attribution inferred from commit metadata, trailers, and agent signatures
- Works retroactively across your entire existing history
- No IDE plugins and nothing installed on developer machines
- Covers contractors and past contributors, not just instrumented engineers
The fusion nobody else has
Provenance on its own is a vanity metric. The AI-debt radar intersects three signals already in repowise, AI authorship, the defect-validated health score, and bus-factor ownership, to rank the AI-written code most likely to bite: code that is AI-generated, low-health, and owned by a single person.
- AI-written, low-health, and single-owner, ranked together
- Tied to the 1 to 10 health score validated against a real defect corpus
- Bus factor flags files owned more than 80% by one author
- The actual risk surface, not the raw percentage of AI code
Not a number in isolation
Agent provenance lives next to the rest of repowise, so an AI-authorship flag is never an island. It sits on the same surface as the defect-validated health score, hotspots, co-change coupling, and bus-factor signals, which is what turns it from a statistic into something a team can act on.
- Health: the same 25-biomarker score that surfaces 2.3x the defects under a fixed review budget
- Ownership: primary owner and bus-factor risk per file from git blame
- Hotspots: top 25% of both churn and complexity
- Surfaced in get_risk and in PR reviews where the work happens
It reads commits. It does not watch people.
This is a directional risk signal for the codebase, not a per-developer productivity ledger. The unit of analysis is the file and the agent, never the engineer's hour. The question repowise answers is which AI-written code is risky, not who typed fastest, and the design holds to that line on purpose.
- Risk lens on files and agents, not a productivity ledger on people
- No keystroke capture, no time-on-task, no per-developer ranking
- Directional signal, deliberately not sold as a precise measurement
- Built so it cannot be turned into surveillance
From git history to the radar.
Index
repowise parses your repo into a graph and reads its git history. No code is sent anywhere, nothing is installed on developer machines.
Attribute
Commits are attributed to the AI agents that wrote them from history alone, retroactively across everything you already have.
Fuse
AI authorship is intersected with the defect-validated health score and bus-factor ownership to find the code most likely to bite.
Act
The AI-debt radar ranks AI-written, low-health, single-owner files so leaders and reviewers know where to look first.
One signal, everywhere it helps.
In your AI agent
get_risk surfaces AI-authored hotspots and what to check first, over MCP, alongside health and ownership.
On every PR
The Repowise PR Bot can flag when AI-written code lands in a low-health, single-owner file, deterministically.
In the dashboard
Your AI-code footprint per module, ranked by the AI-debt radar rather than raw percentage.
For leaders
A board-ready view of where AI-generated code concentrates risk, tied to the defect-validated score.
For prioritization
The AI-written, low-health, single-owner intersection, ranked, so reviews go where the risk actually is.
For governance
Honest, directional risk reporting on AI authorship, with no developer surveillance built in.
Research tools tell you AI code is riskier in general. Line-attribution tools only work going forward. Instrumentation platforms need org-wide IDE rollout and heavy contracts. repowise reads your existing history and ties AI authorship to a defect-validated health score and ownership, today.
Questions, answered
How do you know which agent wrote the code?
repowise reads it from your git history alone. Commit metadata, trailers, author and committer identities, and the signatures coding agents leave behind let repowise attribute commits to the agents that produced them. There is no IDE plugin, no keystroke capture, and no model in the loop deciding who wrote what. It is the same git log you already have, read more carefully.
Is this developer surveillance?
No. Agent provenance is a risk-management signal for the codebase, not a per-developer productivity ledger. It reads commits, it does not watch people. The unit of analysis is the file and the agent, not the engineer's hour. We deliberately frame it that way: the question is which AI-written code is risky, not who typed fastest. It does not measure output per person, and it should never be used to.
Does it work on our existing history?
Yes, retroactively. Because attribution is computed from git history rather than live instrumentation, repowise can analyze the code AI already wrote, all the way back through your existing commits. You do not have to install anything and wait for new data to accumulate. The AI-code footprint is visible on day one.
Do you need IDE plugins or agents installed on developer machines?
No. Zero IDE plugins are required. Faros and Jellyfish-style platforms need org-wide IDE instrumentation rolled out to every engineer before they have data. repowise needs nothing on developer machines because it derives everything from the repository, which means it works across contractors, past contributors, and repos you did not instrument.
How accurate is the attribution?
It is a directional risk signal, tied to the defect-validated health score and ownership, not a precise per-developer productivity ledger. Attribution is inferred from git history, so it is strongest where agents and tooling leave clear commit signatures and weaker where authorship is obscured by squashes or rewrites. The value is in the fusion: AI-written code that is also a low-health hotspot owned by a single person is the code most likely to bite, and that ranking holds up even when any single attribution is approximate.
What is the AI-debt radar?
It is the fusion nobody else has: AI-written code that is also a low-health hotspot owned by a single person. Provenance on its own is a vanity metric. The radar intersects three signals already in repowise, AI authorship, the 1 to 10 defect-validated health score, and bus-factor ownership, to rank the AI-generated code most likely to cause an incident. That intersection is the actual risk surface, not the raw percentage of AI code.
How is this different from GitClear?
GitClear publishes industry research on AI-code trends, but it does not attribute code to the specific agents in your repo or fuse that with a defect-validated health score and bus factor. git-ai-style line attribution only works going forward, from the moment you install it. Faros and Jellyfish need org-wide IDE instrumentation and heavy contracts. repowise reads your existing history, attributes commits to agents, and ties AI authorship to health and ownership, today.
Why does AI-written code need its own risk lens?
Industry-wide, roughly 42% of code is AI-written in 2026, and studies report roughly 1.7x more issues in AI-generated code than human code. A growing share of your codebase is being produced by agents that do not carry the context a long-tenured engineer would. When that code also lands in a low-health file owned by one person, the usual safety nets, review familiarity and shared ownership, are thinnest exactly where the risk is highest. The radar surfaces that intersection before it ships an incident.