$ humancov scan AI-Provenance Scan ================== Total files scanned: 42 AI-generated: 28 Human-written: 10 Mixed: 2 Unknown (no header): 2 Of AI files: Reviewed: 21 / 28 (75%) Tested: 8 / 28 (29%)
Add headers to the top of your files. Works with 30+ languages automatically.
Run the command and get a full report. Binaries and ignored paths are skipped automatically.
Review AI code, set Reviewed: true. Everything updates automatically.
Run humancov init to detect your AI tool config files (or modern rule directories) and inject provenance instructions automatically.
$ humancov init done: CLAUDE.md (Claude Code instructions added) done: AGENTS.md (cross-tool instructions added) done: .cursor/rules/humancov.mdc (Cursor rule file created) skip: .windsurfrules (already has AI-Provenance instructions) 3 file(s) updated.
npm install --save-dev humancov
click to copy
Install as a dev dependency. Requires Node >= 18. Zero config. Single dependency.
A local git hook that auto-updates the badge and .humancov manifest before every commit. Zero manual work to keep your README and manifest in sync.
git commitRegenerates .humancov from your file headers and stages it.
Replaces the human-reviewed shields.io URL with the fresh percentage.
Both .humancov and README.md updates land in the same commit.
Run humancov init and your AI tool will propose installing the hook for you. Manual setup: create .git/hooks/pre-commit, paste the snippet from the README, and chmod +x it.
Note: .git/hooks/ is local and not shared via git. Each contributor installs it once on their machine (or uses husky to share it).
| Key | Required | Values | Description |
|---|---|---|---|
AI-Provenance-Origin |
yes | ai human mixed |
Who wrote the file |
AI-Provenance-Generator |
no | free-text | Tool used (claude-code, copilot...) |
AI-Provenance-Reviewed |
yes | true false partial |
Human review status |
AI-Provenance-Tested |
no | true false partial |
Human test status |
AI-Provenance-Confidence |
no | high medium low |
Reviewer confidence |
AI-Provenance-Notes |
no | free-text | Any context |
humancov auto-respects your .gitignore - zero setup. For humancov-specific exclusions on top, create .humancov-ignore at the repo root (same gitignore syntax).
Resolution order: built-in defaults → .gitignore → .humancov-ignore.
# exclude docs, lockfiles, build output *.md LICENSE *.lock dist/ coverage/
Default ignores: node_modules/, .git/, .humancov, .humancov-ignore, *.md, *.lock, LICENSE, .gitignore, .github/.
$ humancov scan --badge https://img.shields.io/badge/human--reviewed-75%25%20of%20AI%20files-green 
# .github/workflows/provenance.yml name: AI Review Check on: [push, pull_request] jobs: check: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 - run: npx humancov scan --check 80
Fails your build if not enough AI code has been human-reviewed.
.humancov file.humancov manifest generates a TSV summary of all files with provenance headers. File headers are the source of truth - if both exist and conflict, headers win.
# .humancov # file origin reviewed tested generator confidence src/scanner.js ai true false claude-code high src/parser.js ai false false claude-code - lib/utils.py human true true - -
$ humancov scan # scan repo, print report $ humancov scan --json # output as JSON $ humancov scan --badge # shields.io badge URL $ humancov scan --check 80 # CI gate: fail if < 80% $ humancov manifest # generate .humancov file $ humancov init # add instructions to AI tool configs $ humancov --version # print version