The VS Code co-author incident asks the right question. But nobody's answered it yet.

You probably saw the VS Code 1.117 story: "Co-authored-by: Copilot" silently added to commits by default, including for code that Copilot never wrote. Microsoft reverted it in 1.119. Good.

But the revert is the wrong ending to the right story.

The developer anger was about consent and accuracy — both valid. What did not get picked up in the discourse was the architectural question underneath: even when Copilot does write code, a git trailer tells you almost nothing useful. It does not carry the prompt, the model version, the temperature, the insertion timing, the correlation confidence, or any risk context. It just says "an AI tool existed in this editor."

That is not an audit trail.

I have been building LineageLens to capture provenance at insertion time — before the diff ever hits git. Each insertion generates a structured record with roughly 40 fields: four timestamps, the full prompt body, the raw model response, 10 named capability slots indicating what was captured versus what went missing, a correlation confidence score, and the tool/provider/model that generated the code.

The design constraint is simple: everything that matters about a generation event either exists at insertion time or it never exists. By the time you are in a commit message, the prompt is gone. The model parameters are gone. The timing relationship is gone.

Here is what I would like to know from other makers: has anyone built or shipped tools where this level of capture was part of the requirement? Or is the market genuinely still satisfied with commit-time labels?