Hello everyone,
I am LeChatP, the owner of the RootAsRole project. This letter aims to provide transparency regarding the use of AI-assisted coding tools in RootAsRole. It also outlines the AI usage practices implemented throughout the project's history.
This project was created in 2018, and I started using AI-assisted coding tools for RootAsRole in 2023, specifically GitHub Copilot under the free GitHub Student Pack license.
AI was used as a development productivity tool, in particular for:
- Code completion and boilerplate generation in Rust
- Suggestions for implementation patterns and refactoring
- Assistance in rewriting code and documentation drafts
All code written with Copilot assistance was reviewed, validated, and modified by myself; and occasionally by my research team; before merging.
Yes, the previous sentence is a very common one you can read in many open-source projects that are AI-friendly. While it can be true, it feels like another AI-generated hypocrisy.
Yes, I did a few crappy commits in the past, with or without AI. And the idea that it is the AI that is responsible for these mistakes is a bit of a stretch. You can find them in the git history. However, I have always been very careful afterwards, fixing them was my own punishment as nobody else would have really noticed them and they never impacted the main branch.
I am mostly the sole developer of this project since 2019. When I arrived on the project, my very first contribution to the project was to implement C unit tests to avoid regression. At this time, I was a 2nd-year University student in Computer Science. I knew that the project was security-critical and that I had to be careful with my contributions. While reading a lot of documentation and articles on the subject, I never trusted myself.
Later, with Rust language in 2023, I've never trusted either AI or myself. So I implemented a broad set of unit and integration tests to even strengthen my own confidence in my AI-assisted work, ensure correctness, and avoiding regression to the best I can. Even if some of tests are sometimes obviously trivial. It may mean that at a time in the project, it wasn't.
I completed my PhD thesis on the very topic of the RootAsRole project in december 2025. All research work, system design, security model definitions, and architectural decisions are entirely original and were independently produced without AI. AI may have helped me fix minor typos and clarity issues in my research articles, just as any translator would. Ironically, in 2023, I decided to take English lessons to improve my language skills. Today, it seems the formal English phrasing I learned sometimes makes my own sentences look like they were generated by AI. It is a bit unfortunate.
Now that I am not a student anymore, I no longer have access to the GitHub Student Pack and I do not want to pay for AI tools. Given that I have potato hardware and considering the current state of IT infrastructure. I prefer not to contribute to this crazy trend.
I am not convinced that security considerations are an argument to avoid AI tools. AI will likely become better at finding security flaws in code than humans. For me, it has always been about how you use the tool rather than if you use it. Therefore, I do not oppose AI-assisted development tools in general; however, their use is only appropriate when it provides measurable, engineering-focused benefits.
As for our visual identity, the project previously used an AI-generated logo in its 3.0 version. This identity was created in the early days of generative imaging tools, at a time when I could never have imagined just how devastating AI would become for artists.
Consequently, in 2026, with the release of 4.0, I decided to replace this logo with handcrafted designs created by an independent artisan artist. This is my personal choice, and it reflects a firm preference for human-made artistic work and ensures a truly unique, original visual identity for RootAsRole.
In order to ensure ongoing transparency, I ask future contributors to indicate if they used AI-assisted coding tools in their pull requests. I especially need to know how the AI was used.
If you have a great idea but do not know how to implement it without AI, please consider opening an issue instead. We can discuss your idea and find a solution together.
I will review contributions that involve AI usage with greater scrutiny to ensure they meet the project's high quality and security standards.
Also, if you want to discuss for the project, make issues, you can make typos, do grammar mistakes, since it is only a matter of understanding. We do not care. I prefer to have a human-written text with typos than a perfect AI-generated text which do conditional statements or being overly confident in its statements and being particularly arrogant.
Publishing this letter was not easy. Given how polarizing the debate around AI-assisted development is, there was a genuine fear that being transparent about past usage might lead to misunderstandings or alienate some users.
Trust is a fascinating research subject in the SIERA IRIT team. I believe that open source is also based on trust. To earn that trust, I could just send you a very-well crafted x.509 certificate, trusted by many. But I do prefer to provide the means to demonstrate my good faith in this letter. Sharing my journey and evolving choices regarding these tools. This is my way of helping you to verify the trust you can place in this project.
Eddie BILLOIR, PhD in Cybersecurity, 28th June 2026 at Toulouse, France.