Why You Cannot Measure AI-Assisted Delivery With a Survey

Self-report drifts upward and license counts measure procurement, not practice. The signal that holds up is the artifact each role produces every week, read on a ladder from exists to outcome.

Share
A code editor showing a repository tree (.claude, CLAUDE.md, a hook, a skills folder) beside a tool-usage report of session ratings, rejections and active days, linked by a cross-reference…
Why You Cannot Measure AI-Assisted Delivery With a Survey

You bought the seats. The license dashboard is green. Adoption is up and to the right, and the quarterly survey says the team feels more productive. None of it answers the question you actually have, which is whether anyone on the team is getting better at AI-assisted delivery, or just holding a seat. Self-report measures what someone believes about their practice. The evidence measures what their practice deposited on disk. The two diverge constantly, and the gap is where the real read lives.

You can read most of a practitioner's AI-assisted delivery practice without asking them a single question, and read it honestly enough to act on. You inspect two evidence streams they already produced, the artifacts in their repository and the behavior in their tool-usage trace, against an integrity model that refuses to assume a file existing means it ever ran, and refuses to assume it running means it ever worked, and that reports how much of the picture it could actually see.

Self-report measures belief; the artifact measures practice

Walk into most engineering orgs that have committed to AI and you will find three instruments pointed at the same question, all of them missing it.

The first is the license dashboard. It proves a seat exists. Someone provisioned a Copilot or Claude Code license, and the meter shows activity against it. That is a real fact, and it is the wrong fact. A seat is provisioning, not capability. You can pay for a seat that gets used to autocomplete variable names and never once to redesign how the person works.

The second is the survey. It proves a belief exists. Ask a developer to rate their prompting on a scale of one to five, ask whether they use plan mode, ask how much time AI saves them, and you will get numbers back. Those numbers measure self-perception, which is a signal about morale and confidence and almost no signal about behavior. People are honest and wrong about their own practice all the time, in both directions. The strong operator underrates the habits that have become invisible to them. The seat-holder overrates the tool they barely drive.

The third is training completion. It proves attendance. A course was finished, a certificate was issued, a box is ticked. Attendance is the weakest proxy of the three, because it sits furthest from the work. Nothing about completing a module tells you whether the person changed a single thing about how they ship.

None of these three proves the behavior happened, and none of them proves it worked. To measure developer productivity in the age of AI-assisted delivery, you are reaching for instruments built to count activity and belief, then quietly treating the count as if it were capability. The honest move is the opposite one. You read the person's capability from the evidence they already left behind, the work they produced and the way they actually behaved while producing it, because that evidence cannot believe anything about itself. It is just there, or it is not, and what it shows is what happened.

Capability is read from two streams, and one checks the other

A split diagram cross-checking two streams: repository artifacts on the left, usage behavior on the right, with a check-mark where they intersect and one skill row dimmed and tagged exists-not-used.

The instrument I keep coming back to reads two streams, not one, and the discipline lives in how the streams check each other.

Stream A is the repository. Not the code volume, which is noise, but the operating apparatus a person built around their work. The .claude/ directories, the CLAUDE.md files at the root and nested in subprojects, the agents and skills and hooks, the MCP configuration, the git history, the pre-commit setup. The scan reads all of it, and the question it asks of each artifact is not "does this exist" but "did the person author it." A renamed copy of a vendor-shipped skill with no real customization earns no credit, because authorship is the signal and a default with the serial numbers filed off is not authorship. A CLAUDE.md is not credited for existing either. Three of its claims get spot-checked against the actual codebase, and its last-edit date gets compared against code churn. A CLAUDE.md that sat untouched through ninety days of active development is a stale wall of text, and a stale instruction file is evidence of a practice that stopped, not one that runs.

Stream B is the usage trace, assembled from what Claude Code session history and the /insights analytics expose, supplemented where available by locally derived session analysis: the actions they rejected, the count of active days, the friction they hit, and the shape of how they accepted what the agent produced. Signal availability varies by setup, so each signal is read with its source and coverage, and anything the telemetry does not expose is left unread rather than inferred. One signal in that set, the self-rated outcome on a session, is the trace's one piece of self-report, so it is read as corroboration and never as proof of outcome on its own. Active days matters more than it looks, because it is the only signal in the set that evidences recurring cadence rather than one impressive afternoon. Software engineering metrics built on a single snapshot cannot tell a habit from a stunt; a usage trace across weeks can.

Then comes the move that the rest of the field skips. You pair the two streams, and one checks the other. A skill that exists in the repository counts as fully used only when the usage trace shows it was actually invoked. A skill that is present in .claude/ but never appears in any session is exists-not-used, and exists-not-used earns partial credit, not full marks. This cross-check is what turns ai developer productivity from a usage count into a capability read. Most adoption measurement only ever sees one side of the cross-check. The license dashboard sees usage and infers the rest. The repo-only audit sees files and infers the rest. The honest read sees both and infers nothing it cannot cross-check.

A file existing is not it running is not it working

The reason cross-checking matters at all comes down to a single discipline, and it is the part the whole productivity-metrics field gets wrong. The read runs on a ladder, and a lower rung never grants a higher one:

exists → valid → used → outcome

A file being present means it exists. It does not mean the file is correctly configured, which is valid. Valid does not mean it ever ran in a real session, which is used. And used does not mean it produced the result it was supposed to, which is outcome, and outcome wants a demonstrated effect, a test passing or a control catching a seeded violation, not a self-rating, which is why most items honestly top out at used and the top rung stays the exception rather than the norm. "Has a hook" is exists. "The hook blocks bad output" is outcome. You cannot grant the second from the first, and the entire trick of dishonest measurement is to do exactly that, quietly, every time.

Here is the failure made concrete. A developer has a hook registered in their Claude Code setup, configured to scan the agent's generated code for secrets before it gets written. The repo-only audit sees the hook file and credits the capability. But the usage trace shows the hook never fired in a single session, because its path filter never matched or it was disabled in practice. The hook exists. It was never used. Crediting it as outcome would be a lie the evidence is right there to refuse. That is the read catching a false positive, and catching false positives is the job.

This is what self-report and license dashboards cannot do, structurally, because they only ever stand on one rung and assume the rest. A survey that asks "do you use a security hook" collects a belief, lands on exists at best, and infers all the way up to outcome. A seat-count proves a license is consumed and infers capability. The ladder is the anti-gaming spine of an honest read, and it earns the article a small table, because the contrast between what each instrument proves is the whole argument compressed:

Instrument What it actually proves Highest rung it honestly reaches
License seat A seat is provisioned and consumed exists
Self-rating survey A belief about one's own practice exists (a claim, not a fact)
Training completion Attendance was recorded exists
Artifact authored and structurally checked The apparatus is present and its configuration checks out valid
Usage trace shows it invoked The apparatus actually ran used
Outcome demonstrated (a test passing, a control blocking a seeded violation) The apparatus produced the intended result outcome

Read down the right-hand column and the gap is obvious. Every activity instrument tops out at exists, then borrows the rungs above it on credit. The evidence read climbs the ladder one honest rung at a time and stops where the evidence stops. An item scores full marks only when the dimensions its own claim requires are actually evidenced. Otherwise it lands at partial, or at "not assessed," and the read names which rung is missing rather than papering over it.

Absence is interpreted, not punished

The fastest way to make a capability read untrustworthy is to treat every missing artifact as a failure. Generic scorecards do this constantly, and it is why nobody believes them. A scorecard that dings a Business Analyst for not building an MCP server is measuring the scorecard's expectations, not the person's work.

The discipline here is the opposite. A missing artifact is a real failure, a genuine red mark, only when a person doing that particular work would have left the artifact behind. The technical term for it is a required artifact: something whose absence is itself evidence, because the role implies it. A backend engineer shipping AI-generated code with no security scan anywhere in their setup has a real gap, because someone doing that work and doing it well would have left that trace. The absence is informative.

But behaviors that leave no trace, and capabilities outside the person's role, do not become failures. They become "not assessed, with a reason." The read says, in effect, "I could not see whether this person does X, because nothing in their work would have shown it either way, and X is not part of their role." That is not a dodge. It is the only honest thing to say about a signal you genuinely cannot observe. Developer performance metrics that force a verdict on every dimension, observed or not, manufacture failures to fill the grid, and a manufactured failure is worse than a blank, because it poisons the reads around it.

This is what lets the same instrument run across a Dev, a QA engineer, a DevOps lead, and a Business Analyst without lying to any of them. Role applicability is built into the question, so the read tunes itself to what the person's work would actually deposit. The grid does not punish a person for not being someone else.

The same logic settles the standardized-org case. Where a strong setup is maintained centrally and handed to the team, authorship and operational proficiency are scored as separate things. A practitioner who runs an excellent central apparatus well is not marked down for not having built it themselves, and the platform team that authored it gets the authorship credit. Customization earns its own credit only where the role or the repository actually calls for it, not as a tax on everyone who was handed something good.

The most damning signals are the ones to trust least

There is a temptation built into any behavioral read, and the honest version of the instrument refuses it on purpose. The temptation is the gotcha.

Two signals look like a smoking gun. The first is zero user-rejections: the developer never once told the agent "no, not like that" across an entire usage history. The second is a sub-ten-second median acceptance time: diffs getting accepted faster than a human could plausibly have read them. Put together, they look exactly like blind-accept, the developer who takes whatever the agent emits without reading it, and blind-accept is the behavior every careful operator is afraid of finding.

So the instrument should convict on them. It does not, and the reason it does not is the most important design choice in the whole read. A developer with genuinely strong prompts needs very few rejections, because their prompts produce what they wanted the first time. Low rejection rate is as consistent with mastery as it is with negligence. And small diffs review fast; a one-line change accepted in four seconds is not evidence of anything except that it was a one-line change. These signals are real, and they point somewhere, but they point with low confidence. So the model treats them as confidence-lowerers, never as verdicts. They nudge the read toward "look closer here," they never force a fail.

This is the tell that separates an instrument from a sales tool. A sales tool reaches for the most dramatic signal it can find and presents it as proof, because drama sells. An instrument that is honest about its own evidence resists its most tempting conclusions hardest, precisely because they are tempting. Honest ai assisted development measurement is measurement that distrusts its own gotchas.

A security exposure caps the number before you can post it

A capability score that ignores security is measuring the wrong thing well. A developer must not be able to post an excellent number while a live secret sits in their git history, because the excellent number would be a lie of omission. So security is assessed first, before any capability item, and it caps the final score.

The cap is graduated by exposure path, not by vibe, and the gradient is the part worth understanding. A live-looking secret committed to tracked files or history is the hard ceiling, because the exposure is real and present. A plausible exposure path is a softer cap: a .env file that is not in .gitignore, a blanket permission allow with no deny-guard, an unguarded destructive-command path, AI-generated code shipping with no security scan anywhere in the loop. None of those is a secret already leaked, but each is a door left open, so they cap the number lower without slamming it to the floor. And pure hygiene with no exposure path, a missing AI-tools inventory file, gets reported but does not cap at all, because inflating hygiene into a risk would cry wolf and burn the gate's credibility.

This is how the instrument I use does it: a real, present exposure caps the capability number at fifty-nine, a plausible exposure path caps it at seventy-nine, and pure hygiene only advises. Those specific numbers are this instrument's design choices, not an industry standard, and the gradient is the point, not the constants. What matters is that the cap is proportionate to the severity of the exposure, so it stays believable. A gate that fails everything for everything teaches people to ignore it.

Two more disciplines hold the gate honest. Findings print the path and the line, never the secret value itself, because a measurement instrument that copies your secret into its own report has just created a second copy of the exposure. And fixing a real exposure visibly returns the capped points on the next run. Security is not a punishment that follows you forever; it is a gate that rewards remediation. You close the door, the number goes up, and the read shows you why.

An instrument that can only go up is marketing

The most reliable way to tell a measurement instrument from a marketing dashboard is to ask whether the number can go down. A real read can regress, and it reports the regression with the evidence that proves it.

A capability score that was eighty last quarter and is seventy-one this quarter is not a bug to be smoothed over. It is a finding. A hook got unregistered. A CLAUDE.md went stale, its claims no longer matching the codebase, its last edit ninety days behind the code. A skill that used to show up in the usage trace stopped appearing. Each of those is a capability lost, and a lost capability that the instrument hides is a measurement that has chosen to flatter you instead of inform you. Measuring developer productivity honestly means letting the number fall when the practice falls, and naming exactly what fell.

The other half of regression-honesty is coverage. The score is always shown as "based on N of M items assessed," and that framing carries more information than the number alone. A thirty-nine built from eighteen of thirty-six items is the instrument saying "I could not see much, and what I saw was thin." A thirty-nine built from thirty-four of thirty-six items is the instrument saying "I looked at almost everything, and it genuinely is not there." Those are different statements about the same number, and a low-coverage score must never be read as low capability. It is read as low visibility, which is a prompt to look closer, not a verdict to act on. A developer experience metrics dashboard that hides its coverage is hiding the difference between "we did not measure" and "we measured and it failed," and that difference is the whole point.

And the read names what would make it wrong about a person, because a measure that cannot be wrong is not measuring. Its false positive is the well-kept apparatus paired with weak delivery: someone who authors a clean setup, invokes their skills, and keeps their CLAUDE.md current while shipping worse than a colleague driving raw autocomplete, because the read sees the practice and not the result. Its false negative is strong practice that lives where the read cannot look, the threat-modeling worked out in pull-request threads, the judgment that never deposits an artifact, the setup maintained on a different toolchain. Coverage flags the second case as low visibility rather than low capability, but it does not erase either failure, and an instrument that pretended it had none would be the marketing it warns you about.

This is not DORA, SPACE, or DX, and here is the line

It would be easy to file this read under the existing frameworks, so it is worth drawing the line precisely, because the line is the contribution.

DORA measures software-delivery performance: deployment frequency, change lead time, failed deployment recovery time, change failure rate, and deployment rework rate. SPACE measures developer productivity across several dimensions, satisfaction and performance and activity and communication and efficiency. DX combines perceptual and operational evidence to surface the friction the people doing the work actually hit. All three are good instruments, and between them they describe delivery performance, developer productivity, and the experienced friction of the work. They answer "how is the work moving and how does it feel to do."

This read answers a different question. It does not measure delivery flow. It reads whether the operating model itself changed, at one-person resolution, from the artifacts the person produced. That is the practice layer, the evidence of how a person works with the agent, and it is narrower than productivity on purpose. It is not a measure of delivery throughput, code quality, or business value, which are real questions with their own evidence downstream of this one. Reading the practice honestly is the prerequisite the seat-count skips, not a stand-in for measuring outcomes. The unit of analysis is not the team's throughput or the org's deploy cadence. It is the individual practitioner's apparatus: what they built into their own tooling, and how they actually behaved when the agent produced output. The sophisticated voices in developer productivity metrics, the ones that have spent years correctly rejecting single-number productivity scores and arguing for human judgment, are right, and this read agrees with them. It just adds a thing human judgment alone cannot scale: an automated, two-stream, cross-checked read of the artifacts, applied per person, that refuses to infer upward. The point of measuring developer productivity this way is not a tidier scoreboard. It is software development performance metrics that name what changed in the practice, person by person, instead of what the seat-count believes changed.

This is the same lens the Shift Harness Artifact Test applies at the organizational level, brought down to one-person resolution. The artifact test reads operating-model change through the artifacts teams produce, the specs and decision logs and QA plans and review patterns and governance evidence and role-level playbooks. The individual read does the same thing for one practitioner's AI-assisted apparatus. The frame is present only when the evidence points at operating-model artifacts, which is what keeps it distinct from "outcome metrics over activity metrics," the incumbents' logic. Outcome-over-activity is still measuring delivery flow. This is measuring whether the operating model moved.

What this hands the decision-maker on Monday morning

A before-and-after on a desk: a hollow seat-utilization gauge beside a per-person capability read with two cross-checking source columns and a security-gate cap on the score.

Here is what changes the moment you have this read in hand. You stop asking "is the team using AI," which is a seat question you already know is hollow, and you start asking "what is each person actually capable of, from the evidence, and where is the highest-leverage gap." That second question is the one that moves delivery, because it is answerable and it is actionable.

A per-person read lands on your desk and it has shape. It tells you that person X has built their own automation, authored skills that show up invoked across the usage trace, and runs a CLAUDE.md whose claims still match the codebase. It tells you person Y holds a license, runs vendor defaults as-is, and has a security hook that exists in the repo but never fired once, because the usage trace caught the exists-not-used false positive that a repo-only audit would have credited. It tells you person Z has a live exposure path that caps their number until they close it, with the path and the line named, and the secret value never copied into the report.

And it hands each person a learning plan anchored in their own repository, where every task references real files and real flows found during the read. This is what keeps the read a coaching instrument the person sees first rather than a ranking used against them: a finding that caps the score returns its points the moment the door is closed, and the output is a development plan for the practitioner, not a verdict for their manager. None of this makes the read a validated instrument in the scientific sense, and the one inference the ladder does not itself discharge is worth naming: that a person's apparatus and behavior predict the quality of what they ship. It does not establish that. It has not been calibrated against expert assessment or delivery outcomes, so it reads whether the practice changed and treats that as a prerequisite worth reading, not a proxy for results, and not a basis for ranking people against each other. The same read used punitively, without the person's sight of it, is surveillance; used to hand someone their own next move, it is coaching, and the difference is a design choice, not a property of the evidence. The non-negotiable that makes the plan worth anything: a task that could be pasted unchanged into any other repository is invalid. Generic advice is not a plan. "Add a security scan to your CI" is a template; "add a secret scan to the pre-commit config at this path, which currently runs only the formatter, before your next AI-generated change lands" is a plan. That is the Monday-morning test, and it is the line between an operator's read and a commentator's scorecard.

I built a tool that does exactly this. It is a free, non-commercial Claude Code skill that reads a developer's capability from their repository and their usage trace, runs the integrity ladder, caps on security findings, and writes the repo-anchored learning plan. It is not a thing to adopt. It is the lens, embodied, as proof that the idea is operational rather than theoretical, that you can in fact read capability from evidence per person without asking anyone to rate themselves on a scale of one to five. The principle generalizes past any one toolchain: read the artifacts and the behavior, not the seat. This particular lens is Claude-Code-shaped, the .claude/ apparatus and the session history, so a team on a different stack does not inherit this exact read; they inherit the discipline and point it at their own evidence surfaces.

The shift it represents is small to describe and large to live with. Seat-counting asks whether the tools are present. Evidence-based capability reads ask whether the practice changed, person by person, and answer it from what the practice left behind. To measure ai coding productivity at all honestly, you have to stop counting seats and start reading evidence. Ai adoption metrics that count usage will keep telling you the dashboard is green. The question that actually moves your delivery is the one the green dashboard cannot answer, and you can only answer it by reading the evidence each person already wrote to disk, climbing the ladder one honest rung at a time, and refusing to call a file that exists a capability that works.

Frequently Asked Questions

Can you measure a developer's AI-assisted capability without asking them?

Yes. You read two evidence streams the developer already produced rather than interviewing them: their repository and their tool-usage trace. The repository carries their operating apparatus (the .claude/ setup, CLAUDE.md files, agents, skills, hooks, MCP configuration, and git history), scored on whether the person authored it, not just whether it exists. The usage trace carries how they actually behaved, drawn from the behavioral signals available in that setup, such as rejected actions, active days, session outcomes, and locally derived interaction patterns, each read with its source and coverage rather than inferred where the telemetry does not expose it.

The read pairs the two so neither stream gets trusted alone, and identity is detected from git config and account data, never interrogated. The point is that artifacts cannot believe anything about themselves, so they are a more honest signal than a self-rating. A survey measures what someone believes about their practice; the evidence measures what their practice deposited on disk, and the two diverge constantly.

How is this different from DORA, SPACE, or DX?

It measures a different unit. DORA measures software-delivery performance (deployment frequency, change lead time, failed deployment recovery time, change failure rate, deployment rework rate). SPACE measures multi-dimensional developer productivity (satisfaction, performance, activity, communication, efficiency). DX combines perceptual and operational evidence to surface where the work has friction. All three are good instruments, and they operate mostly at team or organization scale, though SPACE includes individual-level measures too, answering how the work is moving and how it feels to do.

An individual evidence read answers a narrower question: whether one practitioner's operating apparatus changed, read from the artifacts they produced, refusing to infer that usage means capability. It complements the flow frameworks rather than competing with them, because it answers a question they do not ask. Use DORA, SPACE, and DX for team-level delivery health; use a per-person evidence read when you need to know what each individual is actually capable of.

Why is self-report a weak way to measure developer productivity?

Self-report measures belief, not behavior. Asking a developer to rate their prompting on a scale of one to five, or to estimate how much time AI saves them, returns numbers that capture self-perception, which is a signal about morale and confidence and almost no signal about practice. People are honest and wrong about their own work in both directions: the strong operator underrates habits that have become invisible to them, and the seat-holder overrates a tool they barely drive.

License dashboards have the opposite problem and the same root cause. A seat-count proves a license is provisioned and consumed, then silently infers capability from consumption. A seat used only to autocomplete variable names registers the same activity as a seat used to redesign how someone works. Both instruments stand on one rung of evidence and assume all the rungs above it, which is exactly the inference an honest read refuses to make.

Can an evidence-based capability score be gamed?

It is designed to resist the obvious games, because an integrity ladder forbids the upward inference that gaming relies on. Dropping a vendor-default skill into the repository does not help, because authorship is checked and a renamed default earns no credit. Having a hook present does not help, because the usage trace has to show it actually fired before it counts as used. Writing a long CLAUDE.md does not help, because its claims get spot-checked against the codebase and its staleness against code churn.

The model also deliberately treats the most damning behavioral signals as weak rather than as verdicts. Zero rejections and a sub-ten-second median acceptance time look like blind-accept, but they are equally consistent with strong prompts that produce the right output the first time, so they lower confidence and prompt a closer look rather than forcing a fail. The net effect is not that gaming becomes impossible, but that the laziest games stop working and the rest get more expensive: a determined gamer can still invoke a skill once to mark it used or touch a file to reset its staleness clock, and active days catches cadence, not depth. The honest claim is that the read raises the price of faking, which tilts the cheapest path back toward real work, not that gaming the read means doing the work.

Isn't reading a developer's repository just surveillance?

It can be, and the honest answer starts there rather than with a denial. The same evidence supports coaching or control; which one you have built is a governance choice, not a property of the data. Read punitively and without the person's sight of it, an evidence read is surveillance. The version worth defending inverts that by design. It draws on repository artifacts a code reviewer could already inspect alongside behavioral telemetry that carries its own requirement for explicit consent and governance, and it prints security findings as path-and-line, never copying a secret value into its own report. It produces a coaching instrument anchored in the person's own repository, shown to the practitioner first, where every learning task references real files and real flows rather than a ranking to punish people with. Consent, retention, and whether the score ever touches compensation decide which instrument you have.

A read that reports a security exposure tells you the path and how to close it, then returns the capped points when you fix it. Surveillance accumulates control over people; an evidence read accumulates a development plan for them. The score is also always reported as "based on N of M items assessed," so a low number from few visible items reads as low visibility, not low capability, and a developer working productively through a setup the read cannot see is never penalized for being unobservable.