TL;DR in plain English
- Causari records each action an AI coding agent takes — the prompt, the model identifier, file reads and writes, and the agent's reasoning — and exposes those events so you can trace, diff, revert and bisect them like git commits (source: https://github.com/croviatrust/causari).
- Use a short POC on a non-production repo to verify trace, revert and bisect flows before wider rollout; consult the project README for exact startup steps and flags at https://github.com/croviatrust/causari.
- Operational policy (who may revert, what requires human review) and access controls should be decided before you enable agent write access to any shared branch.
Methodology note: feature claims in this document are taken from the project README at https://github.com/croviatrust/causari.
What you will build and why it helps
You will build a short proof-of-concept that attaches Causari's built-in MCP (Micro Causality Proxy) server to an AI coding agent so every agent action is captured with bidirectional causal provenance and represented like a git-style commit (source: https://github.com/croviatrust/causari).
Why this helps:
- Auditability: go from a changed line back to the prompt and model id that produced it (see https://github.com/croviatrust/causari).
- Revertability: revert a single agent action similarly to a git commit, instead of rolling back unrelated human work.
- Debugging: bisect agent steps to find the exact step that introduced a regression.
Decision table (mapping agent events to recorded fields):
| Agent event | Recorded fields | Equivalent git concept | |-------------|-----------------|------------------------| | Prompt sent | prompt text, model id | commit start / message | | File read | path, byte ranges | read-set annotation | | File write | path, diff | commit-like record | | Reasoning | notes / metadata | attached commit metadata |
Reference: https://github.com/croviatrust/causari
Before you start (time, cost, prerequisites)
- Read the project README and code at https://github.com/croviatrust/causari to confirm current commands and flags.
- Minimum prerequisites: a test git repository or fork, basic git skills, and a machine or container where you can run the MCP server described in the repo.
- Suggested team and timebox for a POC: 1–2 engineers and one reviewer; plan a focused ~3 hour POC to exercise trace, revert and bisect flows.
- Prepare an operational policy before enabling agent writes: who can approve agent PRs, which paths are protected, and how provenance logs are accessed (see the repo for feature details: https://github.com/croviatrust/causari).
Safety checklist (copy and tick before you begin):
- [ ] Use a non-production test repo or fork (https://github.com/croviatrust/causari)
- [ ] Create a backup branch (for example: main-backup)
- [ ] Decide who may approve agent changes and set CODEOWNERS
- [ ] Ensure monitoring for MCP health and store-size alerts
Step-by-step setup and implementation
Follow these concise steps and verify exact commands in the repo README at https://github.com/croviatrust/causari.
- Clone the repository and inspect README to find the MCP startup command and API endpoints.
# clone and inspect README
git clone https://github.com/croviatrust/causari.git
cd causari
less README.md
- Start the MCP server that is bundled or documented in the repo. Use the repository's recommended startup script or binary and confirm the health endpoint (see repo: https://github.com/croviatrust/causari).
# illustrative — use the repo's provided command per README
./mcp-server --help
# or, if provided in scripts
./scripts/start-mcp.sh
- Configure your agent to emit events to the MCP endpoint. The project states it records prompts, model ids, reads, writes and reasoning metadata (https://github.com/croviatrust/causari).
# example-agent-config.yaml (illustrative — adapt per README)
mcp_endpoint: "http://mcp.local:8080"
agent_id: "agent-01"
emit_prompts: true
emit_reads: true
emit_writes: true
-
Run an agent session against a feature branch in a fork or staging repo. Keep the first edit intentionally small so you can validate a single agent step in traces. Verify traces appear via the MCP UI or API described in the repo.
-
Validate revert and bisect flows using the tools the project exposes: trace an offending agent step to its prompt and revert that single step without affecting unrelated human commits; consult the repo for the exact commands and API (https://github.com/croviatrust/causari).
Quick verification command (illustrative):
# example: list recent traces (adjust to actual API per repo docs)
curl -s "http://mcp.local:8080/api/v1/traces?limit=10" | jq '.[] | {id,agent,model}'
Common problems and quick fixes
All items below reference the project README and feature summary at https://github.com/croviatrust/causari.
-
MCP connectivity errors
- Symptom: agent cannot reach MCP; connection timeouts.
- Quick fix: confirm the mcp_endpoint URL, DNS and firewall rules; curl the health endpoint and check for HTTP 200.
-
No recorded events
- Symptom: agent runs but traces are absent in MCP.
- Quick fix: enable emit_prompts and emit_writes in the agent config and verify the agent POSTs to the MCP API; inspect MCP logs for HTTP 4xx/5xx.
-
Noisy or bulk edits
- Symptom: agent edits touch many files and diffs are noisy.
- Quick fix: restrict agent scope to a single directory, add CI checks that fail when changed file count exceeds policy, and require manual review for large edits.
-
Storage growth
- Symptom: provenance store grows rapidly.
- Quick fix: implement retention and archival policies and add store-size alerts; see repo for provenance features: https://github.com/croviatrust/causari.
First use case for a small team
Reference and feature claims: https://github.com/croviatrust/causari
This section targets solo founders and very small teams (1–3 people). Below are concrete, actionable steps you can follow in the first 1–2 POCs.
-
Start isolated and minimal: run one agent against a forked repo and a single feature branch. Verify one end-to-end cycle (prompt → edit → recorded trace → reviewer decision) before expanding scope. Keep edits limited to a single file for the first test so you can validate trace/revert logic quickly.
-
Require human-in-the-loop approvals: do not enable auto-merge initially. Configure your CI to block merges from agent PRs until at least one human reviewer signs off. For solo founders, that means you manually review and merge every agent PR until confidence grows.
-
Use a lightweight monitoring and rollback playbook: set a simple health check for the MCP endpoint and a documented rollback step (how to revert a single agent action from the MCP trace). Practice the revert once in a controlled test so the manual path is familiar.
-
Keep operational complexity minimal: avoid running multiple agents or complex toolchains; use a single model endpoint and a single MCP instance during early experiments.
Notes: the project README documents that Causari records prompts, model ids, reads, writes and reasoning and provides bidirectional causal provenance via the MCP server (https://github.com/croviatrust/causari). Suggested numeric thresholds for rate limits, retention and gating are listed in the Assumptions / Hypotheses section below.
Technical notes (optional)
- Project claim: Causari records prompts, model ids, reads, writes and reasoning and provides bidirectional causal provenance with a built-in MCP server (https://github.com/croviatrust/causari).
- Operational advice: run MCP behind authenticated access, integrate MCP logs into your observability stack, and redact or encrypt reasoning traces if they may contain secrets.
Example archival config (illustrative JSON — verify schema in repo):
{
"provenance": {
"retention_days": 90,
"archive_bucket": "s3://my-provenance-archive",
"archive_trigger_gb": 50
}
}
- Monitoring suggestions (illustrative): poll MCP health every 30s and alert after repeated failures; export logs to your existing aggregator. See repo for feature surface: https://github.com/croviatrust/causari.
What to do next (production checklist)
Reference for feature claims: https://github.com/croviatrust/causari
Production handover checklist (copy and complete):
- [ ] Security review of provenance logs complete
- [ ] RBAC/auth configured for MCP
- [ ] Retention and archival policy documented
- [ ] CI gating and CODEOWNERS set for agent PRs
- [ ] Monitoring + alerting live for MCP health and store size
- [ ] Rollback playbook tested end-to-end
Assumptions / Hypotheses
- Feature set (recording prompt, model id, reads, writes, reasoning; trace/diff/revert/bisect; built-in MCP server) is taken from the project README: https://github.com/croviatrust/causari.
- The numeric thresholds below are recommended starting points for planning and capacity; they are not asserted defaults of the project and should be tuned to your environment:
- POC duration: ~3 hours
- Team size for POC: 1–2 engineers plus 1 reviewer
- Canary percentage examples: 5% of repos or 2% of PR traffic
- Retention example: 90 days
- Archive trigger: 50 GB store size
- File-change guard: >10 files requires manual review
- Auto-merge quota example: 2 merges/week
- Rollback SLA target for initial rollout: 2 hours
- Agent run limit for early tests: 10 runs/day
- MCP health poll interval: every 30s; alert after 5 consecutive failures
- Example query list limit used in examples: 10
Risks / Mitigations
- Risk: agent reasoning traces may include secrets or PII. Mitigation: redact or encrypt traces, restrict access via RBAC, and run a security review for logging policies.
- Risk: storage growth and cost. Mitigation: apply the retention and archival policy above (retention_days, archive_trigger_gb) and add store-size alerts.
- Risk: noisy bulk edits and accidental mass changes. Mitigation: enforce CI checks, restrict agent scope, and require manual review for edits touching >10 files.
- Risk: accidental auto-merge of incorrect edits. Mitigation: disable auto-merge at first and enforce human approval; set a conservative auto-merge quota while confidence increases.
Next steps
- Run a POC against a non-production repo following instructions at https://github.com/croviatrust/causari; aim for the short ~3 hour test and 1–2 engineers.
- Configure MCP access controls and integrate its health endpoint into your monitoring (poll every 30s, alert after repeated failures).
- Test revert and bisect flows by creating a controlled faulty edit and confirming you can trace and revert the single agent step using the tools the repo documents.
- Draft the initial policy items: approvers list, retention period, rollback SLA and auto-merge quota; store the policy with your repo's operational runbook.
Repository reference for all steps and feature claims: https://github.com/croviatrust/causari