Predicate Specification
dev.pedigree/ai-authorship/v1
Status: Draft
Version: 1.0.0
Date: 2026-05-16
Abstract
This document specifies the dev.pedigree/ai-authorship/v1 predicate type, an extension of the in-toto Attestation Framework designed to record the provenance of AI-authored source code. Every commit produced by an AI agent carries an attestation containing this predicate. The attestation binds the commit SHA to a structured record of who wrote the code, which model generated it, what instructions governed the agent, and whether a human approved the result.
Predicate Fields
| Field | Type | Description |
|---|---|---|
| schemaVersion | string | Always "1.0.0" |
| authorship.kind | enum | "human" \| "ai-assisted" \| "ai-autonomous" |
| authorship.humanShare | number\|null | Fraction of human contribution [0.0, 1.0] |
| authorship.humanApprover | object\|null | OIDC identity of the human who approved |
| agent.tool | string | AI tool name (e.g. "ibm-bob", "cursor") |
| agent.model | string | Model identifier (e.g. "granite-3.3-8b-instruct") |
| agent.modelProvider | string | Provider hosting the model (e.g. "watsonx.ai") |
| execution.modeSlug | string | The Bob Mode slug active during generation |
| execution.skillHashes | array | SHA-256 hashes of Skill content files |
| execution.agentsMdHash | string | SHA-256 hash of AGENTS.md at commit time |
| execution.promptHash | string | SHA-256 hash of the prompt/instruction |
| scope.filesTouched | string[] | Relative paths of files modified |
| scope.riskClass | enum | "low" \| "medium" \| "high" |
| policy.satisfied | boolean | Whether the AGENTS.md policy is satisfied |
Authorship Kinds
- human -- The commit was written entirely by a human. The agent and execution sections may be absent.
- ai-assisted -- A human and AI agent collaborated. humanShare records the estimated human contribution. humanApprover identifies who reviewed the AI output.
- ai-autonomous -- The AI agent generated the commit independently. humanShare is null. The agent may still require policy approval.
Validation Rules
- authorship.kind MUST be one of the three defined values.
- All SHA fields MUST be lowercase hex, prefixed with sha256: except digest.sha1.
- scope.riskClass MUST be one of low, medium, or high.
- policy.satisfied === false MUST cause CI to fail.
- When kind === "ai-assisted", humanShare MUST be in [0.0, 1.0].
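
The validation rules above as a checker, added here as an example; it is not part of the specification or of any Pedigree tooling. It assumes the DSSE signature has already been verified and the predicate parsed into an object; the function names, the 64-digit hash length and the fail-closed handling of a missing policy.satisfied are assumptions.

```javascript
// Added example; function and constant names are hypothetical.
const KINDS = ["human", "ai-assisted", "ai-autonomous"];
const RISK_CLASSES = ["low", "medium", "high"];
// Assumption: 64 hex digits (SHA-256 digest size); the rule only says "lowercase hex".
const SHA256_RE = /^sha256:[0-9a-f]{64}$/;

function validatePredicate(p) {
  const errors = [];
  const authorship = p.authorship || {}, execution = p.execution || {};
  const scope = p.scope || {}, policy = p.policy || {};
  if (!KINDS.includes(authorship.kind)) errors.push("authorship.kind: undefined value");
  if (authorship.kind === "ai-assisted") {
    const s = authorship.humanShare;
    // Rejects null, NaN and numeric strings as well as out-of-range numbers.
    if (typeof s !== "number" || !(s >= 0 && s <= 1)) {
      errors.push("authorship.humanShare: must be a number in [0.0, 1.0]");
    }
  }
  // execution may be absent for kind "human": check only hashes that are present.
  const skills = Array.isArray(execution.skillHashes) ? execution.skillHashes : [];
  const hashes = [
    ["execution.agentsMdHash", execution.agentsMdHash],
    ["execution.promptHash", execution.promptHash],
    ...skills.map((h, i) => [`execution.skillHashes[${i}]`, h]),
  ];
  for (const [name, value] of hashes) {
    if (value !== undefined && !(typeof value === "string" && SHA256_RE.test(value))) {
      errors.push(`${name}: expected sha256:<lowercase hex>`);
    }
  }
  if (!RISK_CLASSES.includes(scope.riskClass)) errors.push("scope.riskClass: undefined value");
  // Fail closed: false, a missing field and the string "true" all fail CI.
  if (policy.satisfied !== true) errors.push("policy.satisfied: not true, CI must fail");
  return errors;
}

// CI gate: a non-zero exit code fails the job.
const ciExitCode = (p) => (validatePredicate(p).length === 0 ? 0 : 1);

// Constructed sample predicate (dummy hash, only the fields the rules check).
const H = "sha256:" + "ab".repeat(32);
const SAMPLE = {
  authorship: { kind: "ai-assisted", humanShare: 0.25 },
  execution: { skillHashes: [H], agentsMdHash: H, promptHash: H },
  scope: { filesTouched: ["src/app.js"], riskClass: "low" },
  policy: { satisfied: true },
};
```
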
Security Considerations
- Predicates MUST be signed via DSSE. Unsigned predicates carry no trust.
- The skillHashes array provides tamper evidence for workflow definitions. A changed Skill produces a distinguishable attestation.
- The agentsMdHash field ensures the policy document has not been modified between attestation creation and verification.