Get This Tool
Causari
Summary
Cursor touched 30 files in four minutes, a test broke 200 prompts later, and you have no way to connect the line of code to the intent that produced it — that is the exact problem Causari was built to close.
Causari is a content-addressable ledger that sits between your agents and both the LLM API and the filesystem, joining wire-captured prompts to disk-captured edits by matching the lines an agent wrote against the completions it received moments before. The causal fingerprint requires no cooperation from the agent itself — a passive proxy and a filesystem watcher do the work. Distilled sessions become signed, portable skills that agents can query before acting, turning past verified work into ranked recall. The architecture holds well for single-repo, single-team debugging and provenance. Teams running distributed, multi-repo setups or wanting hosted verification will hit the boundary of what the self-hosted binary covers — that functionality sits behind a paid-only Trust Plane.
Bottom line: Reach for Causari when you need to answer 'which prompt wrote that line' in a solo or small-team repo — plan around it when your audit trail needs to span multiple repos, hosted verification, or organizational skill registries that require the paid-only Trust Plane.
Community Performance Report Card
No community ratings yet. Be the first to rate this tool!
Community Benchmarks Community
Sign in to submit a benchmarkNo community benchmarks yet. Be the first to share a real-world data point.
Pros
Sign in to edit- Agentless provenance capture via a local proxy and filesystem watcher, which means you get a causal record even when the agent exposes no hooks and volunteers nothing about its own history.
- Content-addressed causal join links specific inserted lines to the completions that produced them with a confidence score, so bisecting a silent regression no longer means reading an hour of chat logs and giving up.
- Native Claude Code integration via lifecycle hooks captures every prompt and every edit at the source without inference, giving exact rather than probabilistic provenance for that agent.
- Ed25519-signed skill files with tamper detection, so a skill that gets quietly edited is caught by 're skill verify' before an agent recalls and acts on corrupted guidance.
- MCP-based skill recall ranks proven and verified skills above unverified ones, which means agents doing repeated tasks reuse what already worked rather than rediscovering it from scratch at full token cost.
Cons
Sign in to edit- Hosted verification, cross-repo anchoring, the organizational skill registry, and audit exports are paid-only features — teams that need to share provenance across multiple repositories or produce tamper-proof audit artifacts for external stakeholders hit this wall immediately and must either self-build the infrastructure or move to the commercial Trust Plane.
- The causal join between completions and file edits depends on the inserted lines appearing verbatim inside the captured completion; heavily post-processed or reformatted agent output produces lower confidence scores or misses, so teams using agents that heavily transform LLM output before writing to disk get degraded provenance and fall back to manual annotation.
- At v0.1.0 the only native lifecycle-hook integration named in the docs is Claude Code — teams running other agents rely entirely on the proxy-plus-watcher inference path, and if their agent does not accept a BASE_URL override they get no wire capture at all, at which point they are likely to evaluate LangSmith or a vendor-native tracing tool that already integrates with their stack.
Community Reviews
Sign in to write a reviewNo reviews yet. Be the first to share your experience.
About
- Platforms
- Linux, macOS, Windows
- API Available
- Yes
- Self-Hosted
- Yes
- Last Updated
- 2026-07-08T12:32:58.405Z
Best For
Who it's for
- Teams using multiple AI coding agents
- Projects needing auditable agent provenance
- Organizations requiring verifiable skill reuse
- Developers debugging silent agent-induced regressions
What it does well
- Trace which prompt produced a specific code change
- Bisect regressions across agent sessions
- Distill and reuse verified agent skills across teams
- Generate tamper-proof AI provenance proofs for audits or PRs
Integrations
Discussion Community
Sign in to commentNo discussion yet. Sign in to start the conversation.
Compare Causari
Spotted incorrect or missing data? Join our community of contributors.
Sign Up to ContributeCommunity Notes & Tips Community
Sign in to contributeBe the first to contribute. General notes, observations, gotchas, and tips from people who use this tool day-to-day.
Frequently Asked Questions
- Is Causari free?
- Causari has a permanent free tier alongside paid upgrades. You can keep using a baseline version indefinitely without paying.
- Is Causari open source?
- Yes. Causari is open source.
- Does Causari have an API?
- Yes. Causari exposes a developer API. See the official documentation at https://causari.dev for details.
- Can I self-host Causari?
- Yes. Causari supports self-hosting on your own infrastructure.
- What platforms does Causari support?
- Causari is available on: Linux, macOS, Windows.
Hours Saved & ROI Stories Community
Sign in to contributeBe the first to contribute. Concrete time/cost savings, with context. e.g. "Cut my code review backlog from 4h to 45m per week."
Curated lists that include this category
Every existing observability tool for AI coding agents records either the conversation or the file snapshot — none of them connect a specific line of code to the specific prompt that caused it. Causari addresses this by running two passive capture streams simultaneously: a local LLM proxy that intercepts every prompt and completion on the wire, and a filesystem watcher that snapshots every file change on disk. A causal join then searches the inserted lines inside the completions captured moments before; a match becomes a provenance record with a confidence score. Where the agent exposes lifecycle hooks — Claude Code is the named integration — capture happens natively at the source, eliminating the inference step entirely.
The differentiating feature is that provenance requires no self-reporting from the agent. Every previous approach depended on the agent volunteering its own history. Causari observes independently, so the record is a fact rather than a claim. The ledger is queryable with commands modeled on git — ‘re why auth.py:2’ returns the exact prompt, model, and confidence score for that line — and the binary is described by the vendor as approximately 3 MB with no telemetry.
Beyond debugging, Causari distills completed sessions into signed skill files, each carrying the prompt, steps, and file changes from a task. Skills progress through a trust ladder — recorded, verified once, then proven after three or more successful recalls — and are signed with the repo’s Ed25519 key so any single-byte edit is detectable. Agents query the skill registry through an MCP interface before acting, and the docs describe ranked retrieval that weights proven skills over verified ones, which the vendor states makes repeated tasks progressively cheaper. The hosted verifier, skill registry, cross-repo anchoring, and export features are paid-only.
Causari is licensed under BSL 1.1 transitioning to Apache 2.0, runs on Linux, macOS, and Windows, and exposes an API. Self-hosting is supported. The proxy is compatible with OpenAI and Anthropic endpoints, so any agent that accepts a BASE_URL override works without modification.
