The hardest question in AI code governance: how confident are you that code was actually AI-written?

Something that keeps coming up when I talk to teams about AI code governance: everyone focuses on capturing records, but almost nobody asks how confident they are in those records.

There are two very different things you can have.
Record A: a file-watcher noticed 47 lines appeared in auth.py and Cursor was probably running.
Record B:a proxy intercepted the Anthropic API call, matched it to the editor insertion via request UUID, measured 1.4 seconds between the API response and thecode appearing, and computed 0.81 trigram similarity between the model output and what landed in the file.

Both produce a row in your audit database. The second is dramatically more defensible — but most governance tooling treats them identically.

In LineageLens, every record gets a confidence score from 0.0 to 1.0, broken into five independent evidence signals. Easy Mode captures (VS Code extension, no proxy) score around 0.27 — honest about what you know. Power Mode captures (proxy running, full request interception) score up to 1.0. The score is not about whether the record is useful. It is about how much you can defend it when someone asks.

I built this after realizing that "we have records" and "we have auditable records" are not the same claim. Curious how others are thinking about this: does capture quality differentiation matter for what your team needs, or is any record good enough right now?And what would you add as a confidence signal?