Skip to main content
Image Alt

TraceVault: AI Code Governance Platform

Built for regulated industries — finance, payments, banking — where AI-generated code needs the same audit rigor as human-written code.
Image Alt

Open Source Flight Recorder for AI-Assisted Development

AI coding agents are writing more code than ever — but who's watching what they do? TraceVault captures every AI interaction, enforces governance policies, and builds a cryptographically signed audit trail. Think of it as a flight recorder for your AI-assisted development workflow.

Core Capabilities

TraceVault captures what AI coding agents do in your repos: which files they touch, tokens burned, tools called. Then, it enforces policies and produces a tamper-evident audit trail for regulatory compliance.

Capture

Hooks into AI coding agents (Claude Code etc.) and records every tool call, file modification, token usage, and full session transcript.

Enforce

Server-managed policy rules block or warn when required tools aren't called (e.g., code review, security scanners). Configurable per-repo.

Audit

Every trace is Ed25519-signed and SHA-256 hash-chained into an immutable, append-only audit trail with cryptographic verification.

Comply

Built-in compliance modes for SOX (7-year retention), PCI-DSS (WORM storage), and SR-11-7 (model risk). Role-based access control.

How It Works

Developer uses AI agent (Claude Code, Cursor, etc.)

TraceVault hooks capture every interaction

Developer runs git push

Pre-push hook triggers automatically:

tracevault sync    →  sync repo metadata

tracevault check   →  evaluate policies (blocks if failed)

tracevault push    →  upload traces to server

Server signs, chains, and seals the record

Dashboard: analytics, audit trail, code browser

Getting Started

Install

cargo install tracevault-cli

Login

Authenticate to your TraceVault server:

tracevault login --server-url https://tracevault.example.com

This opens a device authorization flow — approve the request in your browser and the CLI stores the token locally.

Initialize in a Repository

cd /path/to/your/repo tracevault init --server-url https://tracevault.example.com

This sets up everything automatically:

  • Creates .tracevault/ directory with local config
  • Installs Claude Code hooks (PreToolUse / PostToolUse) into .claude/settings.json
  • Installs a git pre-push hook that runs sync, check, and push
  • Registers the repository on the server

From this point on, every AI interaction is captured transparently. When you git push, traces are checked against policies and uploaded to the server — no manual steps required.

TraceVault brings accountability to AI-assisted development with complete interaction tracing and cryptographic audit trails.

mountains.jpg

Why VirtusLab

TraceVault is developed within our AI-Driven Delivery Infrastructure Department - by engineers who design and execute large-scale modernization programs for global enterprises.

The Engineering Minds Behind TraceVault

15+ years of JVM ecosystem leadership

Contributors to Scala compiler & Metals

Experts in Bazel & monorepo architectures

Creators of Jenkins Operator

160+ OSS repositories

Enterprise technology transformations across finance, retail & technology