The latest articles on DEV Community by Praveen (@pn_28428886923dfc665). https://dev.to/pn_28428886923dfc665 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3940098%2F8a7a4942-5b0d-4847-9a7a-2eaf76d0ce30.png https://dev.to/pn_28428886923dfc665 en Praveen Fri, 22 May 2026 04:48:23 +0000 https://dev.to/pn_28428886923dfc665/the-ghost-in-the-repo-why-ai-agents-break-git-blame-3e6o https://dev.to/pn_28428886923dfc665/the-ghost-in-the-repo-why-ai-agents-break-git-blame-3e6o <p>For the last 15 years, <code>git blame</code> has been the ultimate source of truth for software engineering. If a production bug surfaces, or a security auditor asks why a specific database query was written a certain way, <code>git blame</code> tells you exactly who to ask.</p> <p>With the rapid adoption of agentic CLI tools like Claude Code, OpenAI Codex, and Aider, that source of truth is silently breaking.</p> <h3> The Context Collapse </h3> <p>When you use an AI agent to write code, the workflow looks like this:</p> <ol> <li>You open the terminal and type: <em>"Add a JWT verification middleware, skip checking the expiration for now."</em> </li> <li>The AI uses a tool (like Anthropic's <code>tool_use</code> or OpenAI's <code>apply_patch</code>) to edit <code>auth.py</code>.</li> <li>You review the diff in your terminal, hit 'y' to accept, and commit the code.</li> </ol> <p>Here is the problem: <strong>Git only records Step 3.</strong></p> <p>The most critical piece of context—the intent (<em>"skip checking the expiration"</em>), the model used (<em>claude-3-5-sonnet</em>), and the fact that an AI generated it—evaporates the moment you close the terminal. We are filling our repositories with "Ghosts"—code that looks like it was written by a human, but lacks any human architectural intent.</p> <h3> Why this is a Security Nightmare </h3> <p>If you are a solo developer, this is just annoying. If you are an engineering manager or a CISO, this is a massive compliance blindspot. </p> <p>When a vulnerability scanner flags that JWT middleware three months from now, the reviewing engineer will see your name on the commit. They will assume you had a specific, undocumented business reason for skipping the expiration check. They won't know it was a hallucinated shortcut taken by an AI model. </p> <h3> Fixing it at the Proxy Layer </h3> <p>To solve this for my own workflows, I realized that scraping text or using git hooks wouldn't work. By the time code hits git, it's too late. The provenance is gone.</p> <p>I recently open-sourced <strong>LineageLens</strong>, a self-hosted intercepting proxy designed specifically for AI agents. Instead of looking at git, it sits between your terminal and the AI provider. </p> <p>Because it intercepts the raw API traffic, it can parse the actual structured tool calls. It builds a state machine to track when an AI <em>proposes</em> an edit, and correlates it with the subsequent <code>tool_result</code> to confirm if the developer actually <em>applied</em> it. </p> <p>The result is a local, searchable audit trail that answers: <em>"Which code in our repo was AI-generated, by which model, with what exact prompt?"</em> If you are interested in how the proxy parses these agentic protocols, or if you want to run the single-container SQLite version to track your own AI usage this weekend, the repo is live here: <a href="https://github.com/karnati-praveen/lineagelens" rel="noopener noreferrer">LineageLens on GitHub</a>.</p> <p>Are you currently tracking AI provenance in your repos, or are you flying blind? Let me know in the comments.</p> ai devops opensource security