DEV Community

Sam Rivera
Sam Rivera

Posted on

Build a 30-Line Provenance Log for AI-Generated Code

“Control the ideas, not the code” is trending today. For a small team, the practical question is how to preserve decisions when code becomes cheap to regenerate.

Use an append-only JSONL log. It should record the task, constraints, model or tool, input commit, accepted output commit, verification command, and human decision—never raw secrets or an entire private prompt.

import { appendFileSync } from "node:fs";
import { execFileSync } from "node:child_process";

const git = (...args) => execFileSync("git", args, { encoding: "utf8" }).trim();
const entry = {
  at: new Date().toISOString(),
  task: process.argv[2],
  constraints: process.argv[3].split(","),
  input: git("rev-parse", "HEAD"),
  verify: process.argv[4],
  decision: "pending"
};
appendFileSync(".provenance.jsonl", JSON.stringify(entry) + "\n");
Enter fullscreen mode Exit fullscreen mode

Commit the log beside an architecture decision record. After review, add a second event containing the output commit, test result, reviewer, and accept/reject reason. Events are safer than rewriting history because retries and reversals remain visible.

This does not prove authorship, correctness, or license compatibility. It creates a searchable chain from intent to evidence. That chain lets you replace a model, regenerate an implementation, or explain why a strange constraint exists six months later.

The durable asset is not a pile of generated lines. It is the verified intent that makes those lines replaceable.

Top comments (0)