Git-annex removes AI code to ensure software safety

Git-annex has removed all AI-generated code from its software, a process that took 100 hours. This is a big change for how software is made.

Joey Hess, lead maintainer of the data management tool git-annex, has concluded a 100-hour audit to excise all machine-synthesized code from the software's dependency chain. This effort establishes a policy wherein the project must remain buildable exclusively using versions of libraries that pre-date the integration of Large Language Model (LLM) output.

The core tension lies in the erosion of authorship transparency and the legal ambiguity surrounding machine-generated artifacts.

StrategyGoalTrade-off
Human-OnlyAuditabilityLower development velocity
LLM-IntegratedSpeed/EfficiencyLoss of lineage and security control
  • The initiative responds to instances where dependencies incorporated automated code—sometimes including segments scraped from external projects—without clear attribution or licensing compliance.

  • Hess argues that the current landscape of open-source development necessitates a granular review of the entire dependency tree, a burden previously unheard of in software maintenance.

  • Projects are encouraged to report instances where modern dependencies force the inclusion of automated code, allowing for the potential removal or pinning of these modules to older, human-verified versions.

"LLM generated code in free software is a potential landmine. Needing to review a program's whole dependency tree on an ongoing basis is apparently what programming has come to." — Joey Hess, git-annex blog.

The Cost of Velocity

The move toward strict Human Authorship is a reaction to a growing industry habit of using LLM prompts to bypass traditional refactoring or styling work. While these tools offer short-term gains in 'productivity,' they introduce opaque blocks of text into repositories. This practice complicates security audits, as automated code lacks the discernible logic and intent that a human programmer typically imprints upon their work.

Read More: Meta AI agent development slows down as of April 2026

Broader Implications

The git-annex position reflects a deeper, uncomfortable transition in software engineering. As reliance on automated systems grows, the gap between functioning code and comprehensible code widens. By requiring signed commits or strict metadata regarding human authorship, maintainers are attempting to reclaim the provenance of their systems. This manual labor—100 hours of dependency scrubbing—serves as a physical manifestation of the skepticism surrounding the integration of non-human intelligence into critical software infrastructure. As of today, April 7, 2026, the viability of this "human-only" standard remains a friction point between those prioritizing rapid deployment and those insisting on verified lineage.

Frequently Asked Questions

Q: Why did git-annex remove machine-synthesized code?
Git-annex removed AI-generated code because it can cause problems with authorship transparency and legal issues. The project wants to ensure all code is written by humans and can be clearly understood.
Q: What does this change mean for git-annex users?
Users can be more confident that the software's dependencies are secure and have clear origins. The project will only use library versions that existed before AI code was added.
Q: How much work was involved in removing the AI code?
The lead maintainer spent 100 hours auditing and removing all machine-synthesized code from the software's dependencies. This effort highlights the growing need to check code sources.
Q: What is the main problem with using AI-generated code in software?
The main problem is that AI code can be hard to track, understand, and check for security flaws. It also raises questions about who owns the code and if it follows licensing rules.