You Cannot Retroactively Capture AI Code Provenance. Here Is What You Lose Every Day You Wait.
Source: Dev.to
There is a failure mode in AI code governance that does not get enough attention because it is invisible until it isn’t. It is not a vulnerability. It is not a misconfiguration. It is not something a security scan will catch. It is a gap in time: the period between “your team started using AI coding tools” and “your team started recording what those tools did.” Every line of You cannot go back. Retroactive provenance capture does not exist.
The One-Way Door
When a developer prompts Claude Code and accepts a suggestion, the following information exists briefly in memory and in transit: The full prompt sent to the model The model identifier and version The generated code, before any human edits Whether the insertion was accepted, rejected, or applied with modifications The file path and surrounding context at the time of generation At the moment the developer’s editor applies the change and moves on, most of that information disappears. Git records the diff and the commit author. The commit is not the generation event. These happen at different times with different context. Understanding this distinction is the precondition for any If you were not capturing at the moment of generation, you were not capturing. There is no reconstruct operation.
What You Actually Lose
Let’s be specific about what “unattributable” means in practice. Scenario 1: The incident trace. Scenario 2: The compliance question. If you have been capturing since January, you have a full audit trail. If you started capturing this week because someone asked the question, you have a Scenario 3: The departing engineer.
What Starting Looks Like — Zero Configuration Required
The reason the irreversibility argument matters so much is that the cost of starting is zero. LineageLens Base installs in one command and starts capturing immediately: code —install-extension karnatipraveen.lineagelens-base No backend. No proxy. No account. No configuration. No API key. The extension activates the moment it installs. It hooks into VS Code’s onDidChangeTextDocument event and watches for insertions of 4 or more lines. When File path and language Inserted code block Net lines added Confidence score (0.0–1.0) Source classification (cursor, copilot, unknown, etc.) UTC timestamp Records are stored in VS Code global state — a local JSON store on the developer’s machine. No data leaves the machine. Status bar shows LL: Easy (local). From this moment forward, every AI insertion of 4+ lines has a record. The record is sparse (no prompt, no model name — those require the proxy) but it
Upgrading Record Quality Without Reinstalling
When you want full prompt and model capture, add the Lite proxy alongside it: git clone https://github.com/karnati-praveen/lineagelens Open http://localhost:8787/setup, create your admin account in three browser steps, then set one environment variable: export ANTHROPIC_BASE_URL=http://localhost:8788 http://localhost:8788 The extension polls /proxy-health every 30 seconds. When it detects the proxy, the status bar switches from LL: Easy (local) to LL: Power automatically. Records captured in Easy Mode before the proxy was running remain in the store with capture_status: file_diff and confidence ~0.35. They are not
The Confidence Gradient
Here is what record quality looks like across capture configurations: Capture mode capture_status Confidence Prompt captured? A file_diff record at confidence 0.35 is not a rich provenance record. But it is infinitely better than no record for a specific reason: it is timestamped When an incident occurs six months later and you are tracing a bug to a specific block, a file_diff record tells you approximately when this code appeared
For Teams: The Asymmetry Compounds
If your team has ten developers using a mix of Cursor, Copilot, and Claude Code, and none of them are running LineageLens, you have a growing body of LineageLens Lite adds a shared backend without requiring Postgres: bash lineagelens-scripts/quickstart-lite.sh Single Docker container. SQLite. Runs on a $5 VPS or a spare machine. The setup wizard creates the admin account and workspace in three browser steps.
The Direct Argument
LineageLens might be the right tool for your team or it might not be. That is worth evaluating. But the evaluation should happen today, not when you *code —install-extension karnatipraveen.lineagelens-base
After you try it: what is the oldest piece of AI-generated code in your codebase that you cannot explain the origin of? How far back does your unattributable window go?