AI News HubLIVE
In-site rewrite6 min read

Show HN: Causari – Content-addressable ledger for AI agent code edits

Causari is a content-addressable ledger that tracks the intent and causality behind AI agent code edits. It captures every prompt, model, read, write, and reasoning as immutable causal events, enabling query, replay, and verification, solving provenance and debugging challenges for AI-generated code.

SourceHacker News AIAuthor: CroviaTrust

v0.1.0 — initial public release

Trace intent. Debug causality.

The first content-addressable ledger for AI agents. Every prompt, model, read, write and reasoning becomes an immutable causal event — captured at the wire and on disk, without the agent's cooperation, queryable like git, but for the intent behind every line of code.

Quick start

View on GitHub

BSL 1.1 → Apache 2.0 · Linux · macOS · Windows · ~3 MB binary · No telemetry

A real re churn session — how much of your AI spend survived. · R to replay

The problem

Your agents are writing rewriting your codebase. Blind.

01

Black box edits

Cursor touched 30 files in 4 minutes. Which prompt wrote that suspicious regex on line 84? You don't know. Nobody does.

02

Silent regressions

You revert one of yesterday's agent changes. Three other agent decisions silently lose the context they were built on. CI is green. Production isn't.

03

Causal amnesia

A test breaks 200 prompts later. Bisect through chat logs? You read for an hour, give up, and rewrite the feature from scratch.

The thesis

Git tracks bytes. LangSmith tracks conversations. IDE checkpoints track snapshots.

None of them connect a line of code to the intent that produced it.

Causari does. We call it intent-addressable code.

The capture engine

Provenance without cooperation.

Every provenance tool before Causari only worked if the agent volunteered its own history. Agents don't. So Causari observes two independent streams — and joins them by content.

re proxy

The wire

A local, OpenAI- and Anthropic-compatible LLM proxy. Point your agent's BASE_URL at it and every prompt, completion, token and dollar flows through Causari on its way to the provider. Streaming passes through live.

re watch

The disk

A passive filesystem recorder. Every change becomes a snapshot. Then the causal join: the lines inserted in your files are searched inside the completions captured moments before. A match is a causal fingerprint — with a confidence score.

re hook

The runtime

Where the agent exposes lifecycle hooks (Claude Code today), capture is native and exact: re hook claude-code wires UserPromptSubmit and PostToolUse so every prompt and every edit is recorded at the source. No inference needed.

A real session — nothing self-reported

$ re proxy

causari: LLM capture proxy listening on http://127.0.0.1:4242

• gpt-4o 42→18 tok $0.0003 "Add JWT refresh logic that rotates every 24h"

$ re watch # another terminal

• 0d47599550 auth.py

↳ intent: "Add JWT refresh logic that rotates every 24h" gpt-4o (confidence 100%, 3/3 lines)

$ re why auth.py:2

introduced by 0d47599550

model: gpt-4o

prompt: "Add JWT refresh logic that rotates every 24h"

→ provenance is now a fact, not a self-report

The experience layer

The same mistake is never paid twice.

Recording the past is half the job. Causari distills every completed task into a signed skill — proven experience your agents recall before they act. Trust is earned, never claimed.

re skill distill

Distill

One command walks the ledger and compresses each task — the prompt that triggered it, the steps taken, the files changed — into a portable skill file. Idempotent, local, instant. Signed with the repo's Ed25519 key at the moment of creation.

● → ◆ → ★

Earn trust

● recorded — distilled, no success signal yet. ◆ verified — evidence attached: exit code 0, or the work survived at the tip of the timeline. ★ proven — verified and recalled 3+ times by agents doing new work. Edit one byte and re skill verify exposes it.

causari_recall

Recall

Through MCP, agents query their own past before acting: signed skills come first, ranked by trust (proven ×4, verified ×2). Every recall bumps the use counter — the loop that turns a verified skill into a proven one. Agents get measurably cheaper over time.

Events become experience — signed, verifiable, reusable

$ re skill distill

distill: 128 event(s) scanned, 7 new skill(s), 12 already distilled

◆ verified 2ce0c7bbda add retry with exponential backoff

$ re skill verify

ok 2ce0c7bbda add retry with exponential backoff

verify: 7 skill(s), every signature valid (Ed25519)

$ re skill show 2ce0

trust: ◆ verified signature: valid

trigger: "add retry with exponential backoff"

evidence: exit_zero=true survived=true

→ next time any agent faces this task, it already knows the answer

$ re skill pull ~/team-skills/

pull: 7 imported, 2 already present, 0 rejected

→ one engineer's verified fix becomes every agent's instinct. No server. Ed25519 only.

Causari Proof

Provenance anyone can verify. Trusting no one.

Mint a signed certificate of your repo's AI provenance — how many agent actions, which agents and models, how much verified experience — bound to the exact ledger by a content digest. Anyone can verify it offline: no server, no account, no trust in us.

re proof generate

Mint

One command signs your provenance with the repo's Ed25519 key and emits a self-contained SVG badge — zero external assets. It's agent-agnostic by design: the proof aggregates the whole capture ledger, so it covers every agent — Claude Code, Cursor, Cline, Windsurf, a raw proxy — not one runtime.

re proof verify

Trustless

A reviewer, an auditor, a stranger reading your PR runs one command and confirms the proof was not altered after signing. No network call. Tamper with a single number and verification fails closed. --against-repo also confirms it still matches the live ledger.

the good virus

Spread

Drop the badge in your README and every visitor sees it. Each repo that adopts a verified proof advertises trust — and Causari — to everyone who reads it. Generating and verifying are free forever; the hosted public verifier, org registry, RFC 3161 anchoring and compliance exports are the commercial Trust Plane.

A cryptographic certificate of how your code was really made

$ re proof generate

proof: causari-proof.json

128 events · 4 session(s) · 36 file(s)

agents: claude-code, cursor, cline

skills: 19 total (12 verified, 5 proven)

badge: causari-proof.svg — paste into your README

$ re proof verify --against-repo

ok signature valid (Ed25519)

attests: 128 events · 3 agents · 5 proven skill(s)

fresh: proof matches the current ledger exactly

$ # someone edits the proof to fake more provenance…

INVALID signature verification FAILED — proof was modified after signing

→ tamper-evident. It fails closed, with no server in the loop.

The difference

Without Causari vs. With Causari.

Without Causari

$ git blame src/auth.ts:42

claude · 48 hours ago · commit a3f7b2c

$ # now search 4000 lines of chat...

ctrl+f "auth" ... no match

ctrl+f "JWT" ... 47 matches

→ 45 minutes lost

With Causari

$ re why src/auth.ts:42

introduced by a3f7b2c9

agent: claude-3.5-sonnet

prompt: "Add JWT refresh logic"

reasoning: The spec calls for 24h rotation...

→ 3 seconds

Continuous assurance

Guard keeps your README honest.

One command generates a live badge. Paste it into your README and every visitor sees the health of your causal ledger.

$ re guard --badge

Clean ledger. No risky patterns in the last 20 events.

$ re guard --badge

Source files edited without tests. Review recommended.

$ re guard --badge

Critical file modified without test coverage. Block merge.

Your rules

Define guard rules in plain TOML.

No cloud console. No YAML. One file, checked into your repo, readable by humans and machines.

[rules]

Catch bulk edits that are easy to miss

[[rules]] name = "bulk-edit" when = "*.rs" threshold = 10

Security files must have tests

[[rules]] name = "auth-needs-test" when = "auth" threshold = 1

Schema changes are high-risk

[[rules]] name = "schema-change" when = "migrate" threshold = 1

✓ scanning last 20 events…

| Event | Agent | Status | Rule | Detail | |------------|--------|--------|------------------|---------------------------------| | a3f7b2c9 | claude | 🔴 | auth-needs-test | modified auth.rs, no test | | d5e2a1b3 | claude | 🟡 | schema-change | touched 2 migrate files | | e112706e | claude | ✅ | — | clean |

2 alert(s), 1 warning(s) found. Review with: re show re diff re trace

What you get

A complete causal layer for agentic codebases.

15+ commands. One binary. Zero cloud. Built in Rust, content-addressed with BLAKE3, queryable in microseconds.

Zero-cooperation capture

re proxy sees every prompt and dollar at the wire. re watch sees every byte on disk. The content-based join attributes each file change to the real prompt, model and cost — no agent integration required.

Bidirectional causal graph

re trace walks upstream — every event that contributed to a line, transitively. re impact walks downstream — every event that depended on a change. The full blast radius, before you click revert.

Built-in MCP server

One flag — re mcp — and Claude Desktop, Cursor, Cline and Windsurf can read and write the ledger. Tools: causari_record, causari_recall, causari_why.

Time-travel debugging

Restore the full workspace to the state before any event in the timeline. Combine with re bisect --test to binary-search the agent action that broke the build.

Provenance lens

re lens src/auth.ts renders the file with per-line attribution — agent, model, prompt, snippet — like git blame, but for intent. The first hour of onboarding any AI-touched codebase, solved.

Causal watchdog

re guard scans recent events for risky patterns only a causal ledger can see. --badge generates an SVG shield for your README. --summary emits a Markdown table ready to paste into PR comments. Catches what linters and git hooks miss.

Causality-aware revert

Revert isn't free. Causari shows you the downstream events that would lose their context, then asks. No more silent regressions hidden in three layers of agent reasoning.

Local-first, no cloud

Everything lives in .causari/ next to your code. BLAKE3 content-addressed. Your prompts, models and reasoning never leave your machine. No telemetry. No accounts. Ever.

Versus the world

The category nobody else is building.

There are great tools for source control, observability, and agent monitoring. None of them sit at the intersection where AI codebases actually break.

Capability git LangSmith IDE checkpoints Causari

Tracks code✓✗✓✓

Tracks the prompt✗✓✗✓

Works without agent cooperationbytes only✗IDE only✓

Tracks the model✗✓✗✓

Tracks reads (context)✗partial✗✓

Causal graph (upstream)✗✗✗✓

Causal graph (downstream)✗✗✗✓

Per-line provenance lensblame✗✗✓

Bisect on any predicate✓✗✗✓

MCP server (universal agents)✗✗✗✓

Local-first, no cloud✓✗depends✓

Open source✓SDK onlydependsBSL 1.1

MCP integration

One config snippet. Every agent runtime.

Causari speaks Model Context Protocol natively. Drop the snippet into your agent's settings and Causari shows up as three callable tools — causari_record, causari_recall, causari_why.

Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%/Claude/claude_desktop_config.json (Windows).

{ "mcpServers": { "causari": { "command": "re", "args": ["mcp"], "cwd": "/absolute/path/to/your/project" } } }

Run once in your project directory:

claude mcp add causari -- re mcp

Add to .cursor/mcp.json in your project (or in ~/.cursor/mcp.json globally).

{ "mcpServers": { "causari": { "command": "re", "args": ["mcp"] } } }

Same config shape as Cursor — Windsurf surfaces the tools automatically.

{ "mcpServers": { "causari": { "command": "re", "args": ["mcp"] } } }

Add to VS Code's cline_mcp_settings.json.

{ "mcpServers": { "causari": { "command": "re", "args": ["mcp"] } } }

Tip: have the agent call causari_record after every tool call. Causari builds a complete, queryable history of the session for you, automatically.

Code gallery

Real commands. Real output.

No mockups. This is the actual re CLI on a real session.

$ re why src/auth.ts:42

src/auth.ts:42 → introduced by event a3f7b2c9 agent: claude-3.5-sonnet prompt: "Add JWT refresh logic that rotates ever

[truncated for AI cost control]