When an auditor asks what your coding agents did in your codebase, "we have a policy" is no longer the answer. TreeTrace turns each coding and CLI agent session into a local, deterministic, redacted record of what was touched, where a human intervened, and what was refused. No cloud. No model grading the model.
This page covers the compliance and audit use case. TreeTrace is one record with three readings. The other two readings (regression and eval sets, and plain dev efficiency) live on the homepage.
The oversight conversation is aimed at frontier labs. The record-keeping obligations have already landed on everyone who deploys AI.
High-risk systems must keep traceable records of operation, with an enforcement date of August 2, 2026. TreeTrace produces a per-session record of agent activity you can retain and hand over.
Transparency expectations are now in state law, and the direction is clear: show your work. A deterministic session record is show-your-work by construction.
Auditors have moved from accepting a written policy to asking you to prove it was followed, on every change. A redacted, evidence-backed session bundle is the kind of artifact that survives that question.
Agent actions should be attributable and auditable. TreeTrace attaches evidence and node ids to every finding, so each one is attributable to a specific point in the session.
TreeTrace is the evidence artifact that supports these efforts. It is not a certification and does not satisfy any regulation on its own.
An audit record written by a model and graded by a model is still a black box. Run it twice and the verdict can drift. Hand it to a regulator and there is nothing to re-derive.
Run the same session twice with --deterministic and the output is byte-identical. That is the difference between a finding and an opinion.
The organizations under the most pressure to audit their AI are often the ones who cannot send session data to a third party. TreeTrace is built for them.
An audit layer that exfiltrates the thing it audits is not a control. TreeTrace stays on your machine.
GRC does not need a single report; it needs a defensible record for every session. The --each batch mode walks a directory of sessions and writes one standalone, redacted audit bundle per session, plus an index.
Each bundle contains the human-readable report, the prompt tree, the canonical lineage JSON, and the failure, rejection, and hallucination findings. INDEX.md and index.json summarize the set: prompts, corrections, rejections, and security flags per session, so a reviewer starts from the manifest and drills in.
TreeTrace reads coding and CLI agent sessions today (Claude Code, Codex, Cursor, Copilot, ChatGPT export, Gemini, Grok). Visibility for any AI session a business runs is the direction we are building toward, not a claim about what ships today.
A small, curated set. Each was generated by one command and is reproducible byte for byte. The dangerous-capability examples use placeholders only; the point is that TreeTrace recorded the refusal as a checkable audit event.
A coding agent hardcoded a live API key and called an API with a bearer token. A human told it to load the key from an environment variable and rotate it.
security_or_privacy_risk flags at verified tier with evidence and node ids, a user_rejected_action, and the key redacted out of every artifact by the fail-closed gate.
A user asked for an exploit to break into a host they do not own, the model refused, the user pushed back, the model held, and the user pivoted to a legitimate defensive question.
model_refusal and a user_text_decline, with safe eval framing. The refused content is never quoted as a requirement to honor.
Same shape as the cyber example, in the chemical-synthesis domain, ending in a benign pivot to general lab safety.
model_refusal and a user_text_decline, with no refused content quoted anywhere. Identical guarantee to the cyber example.
A normal build session: the user redirected from scraping to a public API, dropped a feature, then restored part of it.
One command, in any repo. Nothing leaves your machine.