Biguá Analyzer
Research overview

Beyond authorship, toward structure.

The research behind Biguá Analyzer explores whether public repository signals can help characterize open source software structure, continuity, and resilience in a period increasingly shaped by AI-assisted development.

Rather than centering the discussion on whether code was produced with AI, the project focuses on whether the underlying sociotechnical shape of open source projects can still be meaningfully interpreted through public data.

Research question

At a high level, the work investigates whether the transition from pre-AI to AI-assisted development changes the structural signals that matter for understanding open source project health and risk.

Project stance

Biguá Analyzer treats repository behavior as a structural and sociotechnical signal source. It is not positioned as an authorship detector, a vulnerability scanner, or a substitute for conventional security review.

What the framework looks at

Contribution structure

Distribution of work across contributors, concentration patterns, and signals related to maintainer dependency.

Redundancy and continuity

Signals connected to contributor breadth, activity continuity, turnover, and the degree to which project knowledge appears concentrated or distributed.
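
As an added illustration of the two signal families above (not Biguá Analyzer's code or its documented metrics), the sketch below derives simple concentration and continuity indicators from commit author/date pairs. The metric names, the 50% coverage threshold, the 180-day window, and the sample log are all assumptions made for this example.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the shape of `git log --format='%ae|%aI'`; not real data.
SAMPLE_LOG = """\
alice@example.org|2023-01-05T10:00:00+00:00
alice@example.org|2023-02-11T10:00:00+00:00
bob@example.org|2023-02-14T10:00:00+00:00
bob@example.org|2023-03-09T10:00:00+00:00
alice@example.org|2023-04-02T10:00:00+00:00
alice@example.org|2023-09-15T10:00:00+00:00
alice@example.org|2024-03-01T10:00:00+00:00
carol@example.org|2024-05-18T10:00:00+00:00
carol@example.org|2024-06-02T10:00:00+00:00
alice@example.org|2024-06-20T10:00:00+00:00
"""

def parse_log(text):
    """Return (author, timestamp) pairs, skipping lines without the separator."""
    commits = []
    for line in text.splitlines():
        if "|" not in line:
            continue
        author, stamp = line.rsplit("|", 1)
        commits.append((author.strip().lower(), datetime.fromisoformat(stamp.strip())))
    return commits

def concentration(commits, coverage=0.5):
    """Top author's commit share and the fewest authors covering `coverage` of commits."""
    if not commits:
        raise ValueError("no commits to analyze")
    ranked = Counter(author for author, _ in commits).most_common()
    total = len(commits)
    covered = covering_authors = 0
    for _, count in ranked:
        covered += count
        covering_authors += 1
        if covered / total >= coverage:
            break
    return {"contributors": len(ranked), "top_share": ranked[0][1] / total,
            "covering_authors": covering_authors}

def continuity(commits, window_days=180):
    """Classify authors by activity before and inside the most recent window."""
    cutoff = max(ts for _, ts in commits) - timedelta(days=window_days)
    recent = {a for a, ts in commits if ts > cutoff}
    earlier = {a for a, ts in commits if ts <= cutoff}
    return {"retained": recent & earlier, "departed": earlier - recent,
            "new": recent - earlier}
```

On the constructed sample, one author holds 60% of commits and alone covers the 50% threshold, while the continuity split shows one earlier contributor no longer active and one newcomer: a concentrated project whose recent activity still depends on the same person.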

Interpretive caution in the AI era

A documented inference layer helps interpret modern repository behavior more carefully, especially when recent activity patterns may look cleaner or more regular than historical structure would suggest.

Repository-backed materials

The public repository now functions as the main source of truth for the project: it contains tagged releases, metrics documentation, project docs, community files, security reporting guidance, and citation metadata.

That makes this website a concise entry point rather than the full publication surface. Visitors who want practical depth can move directly into the repository, release history, or supporting docs.

Concrete outputs

In addition to repository analysis itself, the tool produces CSV and JSONL outputs, can render AI-assisted reports, and can generate research-ready plots directly from analyzer CSV files.

Why this matters

Security and engineering teams often need to reason about dependency risk using incomplete signals. Structural repository analysis can add context around continuity, maintainership concentration, and confidence in the observed picture, complementing more familiar checks such as vulnerabilities, popularity, or release activity.

What this page does not do

This page intentionally avoids reproducing the full paper, detailed findings, or supplementary artifacts. Those live in the project repository and releases so the site can remain a concise public entry point.