whogitit 1.0.0

Track AI-generated code at line-level granularity
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304

# Configuration

whogitit is configured via a TOML file (`.whogitit.toml`) in your repository root or globally at `~/.config/whogitit/config.toml`.

## Configuration File Location

whogitit looks for configuration in this order:

0. **Environment override**: `WHOGITIT_CONFIG=/path/to/config.toml` (if set)
1. **Repository-local**: `.whogitit.toml` in the repository root
2. **Global**: `~/.config/whogitit/config.toml`
3. **Defaults**: Built-in default values

Repository-local configuration takes precedence over global configuration.
When `WHOGITIT_CONFIG` is set, it takes precedence over all other config locations.

If a configuration file is present but invalid, CLI commands will return an error so you can fix it.
Hook-based capture will log a warning and fall back to defaults to avoid breaking your workflow.

## Complete Configuration Reference

```toml
# .whogitit.toml

[privacy]
# Enable/disable redaction (default: true)
enabled = true

# Use built-in redaction patterns (default: true)
use_builtin_patterns = true

# Disable specific built-in patterns by name
disabled_patterns = ["EMAIL"]

# Enable audit logging (default: false)
audit_log = true

# Add custom redaction patterns
[[privacy.custom_patterns]]
name = "INTERNAL_ID"
pattern = "INTERNAL-\\d+"
description = "Internal tracking IDs"

[[privacy.custom_patterns]]
name = "PROJECT_SECRET"
pattern = "PROJ_[A-Z0-9]{16}"
description = "Project-specific secrets"

[retention]
# Maximum age of attribution data in days
max_age_days = 365

# Automatically purge old data on commit (default: false)
auto_purge = false

# Never delete attribution for commits reachable from these refs
retain_refs = ["refs/heads/main", "refs/heads/release"]

# Keep at least this many commits regardless of age
min_commits = 100

[analysis]
# Maximum pending buffer age in hours (default: 24)
max_pending_age_hours = 24

# Similarity threshold for AIModified detection (default: 0.6)
similarity_threshold = 0.6
```

## Privacy Section

### enabled

```toml
[privacy]
enabled = true  # default
```

Master switch for redaction. When `false`, no redaction is performed.

### use_builtin_patterns

```toml
[privacy]
use_builtin_patterns = true  # default
```

Whether to use the built-in redaction patterns. See [Privacy & Redaction](./privacy.md) for the full list.

## Analysis Section

### max_pending_age_hours

```toml
[analysis]
max_pending_age_hours = 24  # default
```

Controls when the pending buffer is considered stale (used by `whogitit status` and warnings).

### similarity_threshold

```toml
[analysis]
similarity_threshold = 0.6  # default
```

Similarity threshold for detecting AI‑modified lines. Lower values are more aggressive.

### disabled_patterns

```toml
[privacy]
disabled_patterns = ["EMAIL", "PHONE"]
```

Disable specific built-in patterns by name. Available patterns:

| Name | Description |
|------|-------------|
| `API_KEY` | API key and token assignments |
| `EMAIL` | Email addresses |
| `PASSWORD` | Password assignments |
| `AWS_KEY` | AWS access keys and secret keys |
| `PRIVATE_KEY` | PEM private key headers |
| `BEARER_TOKEN` | Bearer authorization tokens |
| `GITHUB_TOKEN` | GitHub personal access tokens |
| `GENERIC_SECRET` | Generic secret/credential assignments |
| `SSN` | US Social Security numbers |
| `CREDIT_CARD` | Credit card numbers |
| `PHONE` | US phone numbers |
| `DB_CONNECTION` | Database connection strings |
| `SLACK_TOKEN` | Slack API tokens |
| `STRIPE_KEY` | Stripe API keys |
| `JWT_TOKEN` | JWT tokens |
| `GOOGLE_OAUTH` | Google OAuth refresh tokens |
| `MICROSOFT_OAUTH` | Microsoft/Azure OAuth refresh tokens |
| `DOCKER_REGISTRY` | Docker registry credentials |
| `K8S_SECRET` | Kubernetes secret references |
| `BASE64_SECRET` | Base64-encoded secret values |
| `NPM_TOKEN` | npm authentication tokens |
| `PYPI_TOKEN` | PyPI API tokens |

### audit_log

```toml
[privacy]
audit_log = true
```

Enable logging of significant events (deletions, exports, etc.) for compliance. Events are logged to `.whogitit/audit.jsonl`.

### custom_patterns

```toml
[[privacy.custom_patterns]]
name = "PATTERN_NAME"
pattern = "regex-pattern-here"
description = "Optional description"
```

Add custom redaction patterns. Each pattern needs:

| Field | Required | Description |
|-------|----------|-------------|
| `name` | Yes | Unique identifier (appears in audit log) |
| `pattern` | Yes | Regular expression to match |
| `description` | No | Human-readable description |

## Retention Section

### max_age_days

```toml
[retention]
max_age_days = 365
```

Delete attribution data older than this many days. Set to `null` or omit for no age limit.

### auto_purge

```toml
[retention]
auto_purge = false  # default
```

When `true`, automatically apply retention policy after each commit via the post-commit hook.
Use with caution.

### retain_refs

```toml
[retention]
retain_refs = ["refs/heads/main"]  # default
```

Git refs whose commits should never have their attribution deleted, regardless of age. Useful for preserving history on main branches.

Format: Full ref names like `refs/heads/main`, `refs/tags/v1.0.0`.

### min_commits

```toml
[retention]
min_commits = 100  # default
```

Minimum number of commits to keep regardless of age. Prevents accidental deletion of all attribution data.
When enforcing this minimum, whogitit keeps the newest commits by commit time.

## Example Configurations

### Minimal (Defaults)

```toml
# No configuration needed - defaults are sensible
```

### Privacy-Focused

```toml
[privacy]
enabled = true
audit_log = true

[[privacy.custom_patterns]]
name = "EMPLOYEE_ID"
pattern = "EMP\\d{6}"
description = "Employee IDs"

[retention]
max_age_days = 90
min_commits = 50
```

### Enterprise Compliance

```toml
[privacy]
enabled = true
audit_log = true

# Custom patterns for internal systems
[[privacy.custom_patterns]]
name = "INTERNAL_API"
pattern = "int-api-[a-f0-9]{32}"

[[privacy.custom_patterns]]
name = "CUSTOMER_ID"
pattern = "CUST-\\d{8}"

[retention]
max_age_days = 365
auto_purge = false
retain_refs = [
  "refs/heads/main",
  "refs/heads/production",
  "refs/heads/staging"
]
min_commits = 500
```

### Open Source Project

```toml
[privacy]
enabled = true
# Disable email redaction for open source
disabled_patterns = ["EMAIL"]

[retention]
# Keep everything
max_age_days = null
```

## Validating Configuration

Use the `retention config` command to verify your configuration is loaded correctly:

```bash
whogitit retention config
```

Test redaction patterns:

```bash
whogitit redact-test --text "Test string with api_key=secret123"
```

## Environment Variables

Some settings can be overridden via environment variables:

| Variable | Description |
|----------|-------------|
| `WHOGITIT_CONFIG` | Absolute or relative path to a TOML config file (overrides repo/global discovery) |
| `WHOGITIT_BIN` | Path to whogitit binary (used by hooks) |

## See Also

- [Privacy & Redaction](./privacy.md) - Detailed redaction information
- [retention](./commands/retention.md) - Retention policy management
- [audit](./commands/audit.md) - Viewing audit logs