Something I have been thinking about in the AI governance space that I do not see discussed enough: provenance capture is not like most tooling categories.
With most observability or audit tooling, the reasoning is "we should have this so we're better positioned going forward." You can turn it on when the need becomes clear. You lose some history, but the tooling from that point forward is complete.
AI code provenance does not work this way.
The prompt a developer submits to Claude Code exists for a few hundred milliseconds in transit. After the model returns its response and the editor applies the change, that prompt is gone. Git records the diff. Nothing else records the origin by default. There is no reconstruct operation.
I m working on a revamping the 3 years old project called PriveGuard.com and wanted to share the vision behind it with the PH community before our official launch.
