Web App
Coauthor
Point Coauthor at a GitHub repo and get an evidence-backed report of how much of the code that exists today was written by humans versus specific AI tools - Claude, Codex, Copilot, Gemini, Mindlap, other AI - broken down by author, file type, and time.
Want the codebase? Get the Git repo emailed to you.
About this project
Coauthor is a web app, built end-to-end by the agent factory, that measures how much of a codebase is AI-written versus human-written. Point it at a GitHub repo and it runs line-level git blame on the current tree, classifying every surviving line as human or a specific AI tool - Claude, Codex, Copilot, Gemini, or Mindlap - so the report reflects the code that exists today, not historical diffs. The result is an interactive report (headline share, AI-vs-human donut, timeline, file-type and per-developer breakdowns) where every attribution traces back to a commit and the rule that matched it. The FastAPI backend is stateless and ephemeral - it clones, analyses, returns the report, and deletes the working copy, so it is safe to run against private repos.
Demo
At a glance
3h
Agent hours
20M
Tokens
1
Laps
10
Stories
20M
tokens
Others · 100%
Tokens by stage
Implement
14M
Code Review
3M
Merge
2M
patch-merge
1M
Pipeline
Stage
Runs
Tokens
Duration
Implement
9
14M
1.6h
Code Review
5
3M
0.5h
Merge
4
2M
0.4h
patch-merge
3
1M
0.2h
Engines used
Others
Tokens
20M
Runs
23
Agent hours
3h
Success
91.3%
Agent team
developer
22 runs · 2.6h
18 passed · 4 failed
engineering_manager
5 runs · 0.5h
4 passed · 1 failed
Artifacts
Feature Spec
markdownCoauthor - Feature Spec
One-liner: Point Coauthor at a GitHub repo and get a report of how much of the code that exists today was written by humans versus specific AI tools (Claude, Codex, Copilot, Gemini, Mindlap, other AI), broken down by author, file type, and time.
What this project is
Coauthor is a web app that measures the AI-vs-human authorship of a codebase. You give it a GitHub repository URL (and optionally a branch and a personal access token for private repos); it clones the repo, runs line-level git blame on the current state of the code, classifies every line's author into a source bucket - human, or a specific AI tool such as Claude, Codex, Copilot, Gemini, or the Mindlap factory - and renders an interactive report: headline share, a donut, a timeline, a file-type breakdown, a per-developer table, and drill-in evidence for every AI attribution.
The problem it solves
AI coding assistants now write a large and fast-growing share of production code, but that contribution is invisible. Standard tools don't answer the questions teams actually have:
- How much of our shipped codebase is AI-generated - today, not in aggregate over history? Commit counts and additive "lines ever written" stats lie: churned-away code and re-written lines inflate them. What matters is the code that survives in the repo right now.
- Which tools, and which people? "AI wrote X%" is too coarse. Teams want to know which assistants (Claude vs Copilot vs Codex vs an internal factory) and which developers lean on them, and how much.
- Can we trust the number? A percentage with no receipts is unconvincing. Every attribution needs traceable evidence - the commit, the matched signal (email, name, or
Co-Authored-By:trailer). - Without standing up infrastructure. No agent installed in every repo, no database of history, no data retention. Just point it at a repo and get an answer.
Why it was built
- Attribution that reflects reality. Coauthor uses last-touch blame on the current tree rather than summing historical diffs, so the report reflects the code that exists today - the honest denominator for "how much of this is AI."
- Tool- and person-level granularity. Classification distinguishes individual AI sources and preserves each human developer's row (with an
ai_assistedcount), so the report supports real conversations about how a team works, not just a single vanity metric. - Trust through evidence. Every AI-bucketed line traces back to a commit and the exact rule that matched it, surfaced in an evidence drawer - the number is auditable, not asserted.
- Zero-footprint by design. The backend is stateless and ephemeral: it clones, analyses, returns the report, and deletes the working copy. No database, no history store, PATs scrubbed from logs and remotes - so it's safe to run against private repositories.
Who it's for
Engineering leaders, factory/platform teams, and developers who want an honest, tool-aware, evidence-backed picture of how much of a codebase is AI-authored - to track AI adoption, report on it, or simply understand where the code is coming from.
1. Architecture
- Backend - FastAPI (Python >=3.11). Stateless: no database, no queue, no job persistence. A single synchronous request runs the entire pipeline in-process and returns the full report inline.
- Frontend - React 18 + Vite + TypeScript, TanStack Query, Recharts, Tailwind (Halo design-system tokens). Calls the backend through a typed SDK generated from the backend's OpenAPI schema (
frontend/src/client/, committed to the repo). - Deploy - Single container to Cloud Run. FastAPI serves
/api/*and the built SPA from the same origin (frontend/distmounted when present).
2. Core mechanism
The product logic lives in backend/app/analyzer/.
- Clone - Shallow, single-branch clone of the target repo into a temp directory (
cloner.py). The directory isrmtree'd after analysis; nothing persists. - Blame, not log - For every non-excluded file at the branch tip, run
git blame -w -M -C --line-porcelainto attribute each currently-existing line to its last-touch commit (blamer.py). This answers "what fraction of today's code is AI-written" rather than "how much line-effort happened over time." - Classify - Each commit identity is mapped to a bucket via regex rules on author name/email (
classifier.py), evaluated in priority order:mindlap->claude->codex->gemini->copilot->other_ai(cursor / devin / sweep / replit) ->human(fallback). Matches on email (e.g.noreply@anthropic.com), name (e.g.claude), andCo-Authored-By:trailers. Mindlap is checked first so a Mindlap-factory commit co-authored by a raw model is credited to the factory. - Effective identity - If a human authored a commit but an AI is a co-author, the line is credited to the AI bucket, while the developer row stays with the human and records an
ai_assistedline count. - Branch-diff mode - If the analyzed branch is not the repo default, only lines whose last-touch commit is unique to
base..branchare counted. This answers "what did this branch contribute?" instead of counting its whole inherited history. Falls back to full-history blame if the base ref can't be resolved.
3. Filtering
filters.py excludes noise before aggregation:
- Lockfiles -
package-lock.json,yarn.lock,pnpm-lock.yaml,poetry.lock,Cargo.lock,go.sum, etc. - Binaries - images, fonts, media, archives, documents (by extension).
- Vendor / build dirs -
node_modules/,vendor/,dist/,build/,.next/,target/,__pycache__/,.eggs/. - Generated globs -
*.min.js,*.min.css,*.map,*.tsbuildinfo,*.egg-info/**. .gitignorematches in the target repo.
4. API
| Endpoint | Purpose | Rate limit |
|---|---|---|
POST /api/analyze | Full clone -> blame -> classify pipeline; returns the report inline | 5 / minute |
POST /api/branches | List remote branches + default branch (feeds the branch picker) | 10 / minute |
GET /healthz | Health check -> {"status":"ok"} | - |
- Auth - Optional GitHub PAT (
ghp_...orgithub_pat_...), wrapped inSecretStrand scrubbed from logs and git remotes. Public repos analyse anonymously. - Error shape -
{"error": {"code", "message"}}; FastAPI 422 validation surfaces as{"detail": [...]}. - OpenAPI - Disabled in production (
openapi_url=Noneinmain.py); temporarily re-enabled locally to regenerate the SDK.
5. Report payload -> UI panels
The ReportResponse payload drives these panels (frontend/src/components/report/):
- KpiRow - Headline totals and AI-vs-human share.
- AiVsHumanDonut - Bucket split of total lines.
- TimelineChart - Daily lines per bucket, re-bucketed into day/week/month bars across 1w-1y ranges.
- FileTypeBars - Added lines per file extension, split by bucket.
- AuthorBreakdown - Per-developer rows (lines, commits,
ai_assisted, bucket badge, bot flag); sortable, paginated (25/page), with drill-in to evidence. - SourceContributionPanel - Per-developer AI-tool usage over 24h / 3d / 7d / 30d windows ("factory contribution").
- EvidenceDrawer - Sample commits with the matched classifier rule (the why behind each bucket).
- Export - Report -> PDF (html2canvas + jsPDF).
States handled: loading skeleton, empty (0 analysable commits), no-AI-activity, and error. The report is cached in sessionStorage keyed by job ID.
6. Buckets
| Bucket | Label | AI? | Detection |
|---|---|---|---|
human | Human | no | fallback |
mindlap | Mindlap | yes | agent@mindlap.dev / Mindlap Agent trailer |
claude | Claude | yes | noreply@anthropic.com, name claude |
codex | Codex | yes | openai / codex / chatgpt |
gemini | Gemini | yes | gemini / jules |
copilot | Copilot | yes | github-copilot, copilot[bot] |
other_ai | Other AI | yes | cursor / devin / sweep / replit |
7. Design decisions & caveats
- Last-touch attribution - A refactor re-credits touched lines to the refactorer, not the original author. Documented tradeoff.
- Identity dedupe - Keyed on lowercased email (falls back to name), so one person committing under multiple
user.namevalues collapses into a single row. - Fully ephemeral - Every request re-clones and re-analyses; nothing is stored server-side between requests.
- PAT safety - Tokens never touch logs or the on-disk remote (scrubbed in
cloner.py+log_filter.py).
8. Local run
# Backend (default port 8000)
cd backend && uv venv && uv pip install -e ".[dev]"
.venv/bin/uvicorn app.main:app --reload --port 8000
# Frontend (port 5173)
cd frontend && pnpm install && pnpm run dev
The frontend targets http://localhost:8000 in dev; override with VITE_API_BASE_URL if the backend runs on a different port.