For the last 15 years, git blame has been the ultimate source of truth for software engineering. If a production bug surfaces, or a security auditor asks why a specific database query was written a certain way, git blame tells you exactly who to ask.
With the rapid adoption of agentic CLI tools like Claude Code, OpenAI Codex, and Aider, that source of truth is silently breaking.
The Context Collapse
When you use an AI agent to write code, the workflow looks like this:
1. You open the terminal and type: "Add a JWT verification middleware, skip checking the expiration for now."
2. The AI uses a tool (like Anthropic's tool_use or OpenAI's apply_patch) to edit auth.py.
3. You review the diff in your terminal, hit 'y' to accept, and commit the code.
Here is the problem: Git only records Step 3.
The most critical piece of context—the intent ("skip checking the expiration"), the model used (claude-3-5-sonnet), and the fact that an AI generated it—evaporates the moment you close the terminal. We are filling our repositories with "Ghosts"—code that looks like it was written by a human, but lacks any human architectural intent.
Why this is a Security Nightmare
If you are a solo developer, this is just annoying. If you are an engineering manager or a CISO, this is a massive compliance blind spot.
When a vulnerability scanner flags that JWT middleware three months from now, the reviewing engineer will see your name on the commit. They will assume you had a specific, undocumented business reason for skipping the expiration check. They won't know it was a hallucinated shortcut taken by an AI model.
Fixing it at the Proxy Layer
When I set out to solve this for my own workflows, I realized that scraping terminal text or using git hooks wouldn't work. By the time code hits git, it's too late: the provenance is already gone.
I recently open-sourced LineageLens, a self-hosted intercepting proxy designed specifically for AI agents. Instead of looking at git, it sits between your terminal and the AI provider.
Because it intercepts the raw API traffic, it can parse the actual structured tool calls. It builds a state machine to track when an AI proposes an edit, and correlates it with the subsequent tool_result to confirm if the developer actually applied it.
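To make that correlation step concrete, here is an added illustration (my own sketch, not LineageLens code) of the state machine a proxy can run over Anthropic-style Messages API traffic: each edit tool_use in a provider response opens a pending record carrying the model, the developer's prompt and the file path, and the matching tool_result in the next client request settles it as applied or rejected. The tool names in EDIT_TOOLS and the rule that an is_error result means the developer rejected the edit are assumptions.

```python
# EDIT_TOOLS is an assumption (real agents register their own tool names). The block
# shapes (tool_use: id/name/input, tool_result: tool_use_id/is_error) are Anthropic's.
EDIT_TOOLS = {"edit_file", "apply_patch"}

class ProvenanceTracker:
    """State machine: a tool_use proposes an edit, a later tool_result settles it."""

    def __init__(self):
        self.prompt = ""    # latest human instruction seen on the request side
        self.pending = {}   # tool_use_id -> record awaiting its tool_result
        self.records = []   # settled edits, applied or rejected

    def on_request(self, body):
        """Client -> provider: capture the prompt and settle pending tool_results."""
        for msg in (m for m in body["messages"] if m["role"] == "user"):
            blocks = msg["content"]
            if isinstance(blocks, str):  # plain-string shorthand for one text block
                blocks = [{"type": "text", "text": blocks}]
            for block in blocks:
                if block["type"] == "text":
                    self.prompt = block["text"]
                elif block["type"] == "tool_result":
                    rec = self.pending.pop(block["tool_use_id"], None)
                    if rec is not None:  # None when the agent replays old history
                        rec["applied"] = not block.get("is_error", False)
                        self.records.append(rec)

    def on_response(self, body):
        """Provider -> client: every edit tool_use becomes a pending record."""
        for block in body["content"]:
            if block["type"] == "tool_use" and block["name"] in EDIT_TOOLS:
                self.pending[block["id"]] = {
                    "tool_use_id": block["id"], "model": body["model"],
                    "prompt": self.prompt, "applied": False,
                    "path": block["input"].get("path", "<unknown>")}

def demo():
    """Constructed exchange: prompt, edit proposal, accepted tool_result."""
    t = ProvenanceTracker()
    t.on_request({"messages": [{"role": "user", "content":
        "Add a JWT verification middleware, skip checking the expiration for now."}]})
    t.on_response({"model": "claude-3-5-sonnet", "content": [{"type": "tool_use",
        "id": "toolu_01", "name": "edit_file", "input": {"path": "auth.py"}}]})
    t.on_request({"messages": [{"role": "user", "content": [
        {"type": "tool_result", "tool_use_id": "toolu_01", "content": "ok"}]}]})
    return t.records
```

Because agents resend the full conversation on every turn, the pop on the pending map is what keeps a replayed tool_result from being counted twice.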
The result is a local, searchable audit trail that answers: "Which code in our repo was AI-generated, by which model, with what exact prompt?" If you are interested in how the proxy parses these agentic protocols, or if you want to run the single-container SQLite version to track your own AI usage this weekend, the repo is live here: LineageLens on GitHub.
Are you currently tracking AI provenance in your repos, or are you flying blind? Let me know in the comments.