DEV Community

Cover image for I built a protocol that asks AI coding agents to credit the open source they use
attribution.md
attribution.md

Posted on

I built a protocol that asks AI coding agents to credit the open source they use

#opensource #ai #github #programming

I am an open source creator and maintainer. I built this because I kept noticing the same thing. AI coding agents pull from open source repos millions of times a day, and maintainers get zero signal back.

When a human developer finds a useful library, they might star it, share it, or mention it. When an agent uses the same code, the maintainer gets nothing.

The problem

Stars are not vanity metrics. They drive funding decisions, attract contributors, and tell maintainers their work matters. That feedback loop is quietly breaking as AI agents become the primary way code gets discovered and reused.

Look at what happened to Tailwind. Revenue down 80%, 75% of engineers laid off, and usage is higher than ever. AI agents bypassed the entire discovery funnel. Developers no longer visit the docs, so they never see the paid products. Tailwind is not alone. This pattern is going to hit every open source project that depends on human discovery for visibility and funding.

The solution

ATTRIBUTION.md is a simple file you drop in your repo root. It asks AI coding agents to prompt their users: "This solution used code from X. Would you like to star it?" The user decides. No automation, no bulk starring, no gates. Consent is mandatory.

It looks like this:

---
protocol_version: "0.1"
actions:
  - type: star
    platform: github
    mode: suggest
---
Enter fullscreen mode Exit fullscreen mode

That is the entire file. Six lines of YAML frontmatter plus a markdown body explaining the protocol.

What it is

  • A voluntary convention, not a license or legal mechanism
  • Designed to be safely ignored if an agent does not support it
  • Complementary to SBOMs and license compliance, not competing with them. SBOMs solve what you used. ATTRIBUTION.md solves who gets visible credit.

What it is not

  • Not an enforcement mechanism
  • Not a way to gate or restrict AI agent behavior
  • Not supported by any agent yet (this is day one)

The honest take

This does nothing until an agent implements it. I am betting that the gap is real enough that agent developers will see the value. If nobody cares, I will archive it and move on.

But if you are an open source maintainer and this resonates, dropping the file in your repo takes 30 seconds. The more repos that have it, the stronger the signal to agent developers that this matters.

If you are an agent developer, the implementation is roughly 30 lines of code. Parse the YAML, check for meaningful reuse, prompt the user. Full details in Section 6.2 of the spec.

Website: https://attribution.md

Spec: https://github.com/attributionmd/attribution.md

Would love to hear what you think.

Top comments (2)

Some comments may only be visible to logged-in visitors. Sign in to view all comments.