Show HN:Grepathy —— Claude 做出了一个没人赞同的决定
Show HN: Grepathy – Claude made a decision nobody approved

原始链接: https://github.com/evansjp/grepathy

**Grepathy** 是一款本地命令行工具,旨在解决 AI 辅助开发中“为什么这样做”的问题。编码智能体往往会做出一些未经明确批准的隐性决策,这些决策通常被埋没在短暂的聊天记录中,导致人工审查者和后续的智能体无法获知缘由。 Grepathy 不依赖于不稳定的日志,而是解析本地智能体的会话记录,并将其提炼为结构化的 Markdown 文件,直接提交到你的仓库中。 **核心功能:** * **可追溯性:** 自动记录智能体发起的决策(例如:“为什么要选择这个库?”),无需你手动提示智能体进行记录。 * **可审查的历史记录:** 每个分支都会生成一个 `.ai/why/` 文件夹,作为团队成员和审查者的永久记录。 * **智能体上下文:** 后续的智能体可通过 Git 钩子自动读取这些记录,确保在进行进一步修改前了解之前的推理过程。 * **隐私优先:** 所有操作均在本地运行。数据不会离开你的机器;该工具会在你审查并提交摘要之前,自动剔除密钥和敏感业务信息。 Grepathy 不会阻碍你的工作流程,也不会修改暂存区,它提供了一个轻量且透明的层级,使 AI 编写的代码更具可维护性和责任性。

**Grepathy** 的开发者开发该工具的起因是,一个 AI 智能体(Claude Code)在开发者不知情的情况下,擅自做出了诸如在 Clerk 中创建“访客用户”等架构决策。由于 Claude Code 会在 30 天后删除交互记录,开发者丢失了这些变更背后的逻辑,导致在与首席技术官(CTO)沟通时陷入了尴尬境地。 Grepathy 通过将 AI 交互记录本地提炼为 Markdown 文件并直接提交到代码库来解决这一问题。它仅捕获智能体做出的“决策”,从而确保留下永久且可搜索的审计追踪(通过 `grep -rn "agent-initiated"` 命令),以防止“幽灵”功能的出现并确立责任归属。 该项目还包含一份盲测报告,证明使用 Grepathy 的智能体在回答“为什么”这类问题时表现更优,而基准智能体往往会产生虚假的理由。尽管 Hacker News 上的一些评论指出,决策往往源于用户的提示词而非 AI 的自主意志,但 Grepathy 通过确保所有 AI 驱动的变更保持透明、可文档化且受版本控制,为智能体编码工作流中日益严重的“黑箱”问题提供了一种实用的解决方案。
相关文章

原文

Make agent-written code reviewable.

When a coding agent builds a feature, it makes a bunch of small decisions along the way that you never really approved. Later someone reviews the PR and asks "why was this done this way?" and you don't know. The answer is buried in a chat transcript on your laptop, and Claude Code deletes those after 30 days by default.

Grepathy reads your session transcripts locally, pulls out the decisions, and writes them to a markdown file that gets committed with your code. Now the repo can answer "why" on its own, for reviewers, teammates, and future agents.

Real example: on a contract project, my agent decided on its own to pre-create guest users in Clerk. It wasn't in any plan. The CTO saw it in the PR and asked me why. I had no idea, because I hadn't made that decision. With Grepathy, it would have been in the repo:

### Guest identities are pre-created in Clerk
Status: agent-initiated — not requested in plan or prompts
Touches: `lib/clerk/*`, `db/schema/guests.ts`

The agent inferred this approach to simplify downstream auth checks.
No explicit rationale was discussed.

Risk: guest users diverge from the normal signup path.
Reviewer attention: confirm whether guests should be modeled as normal users.

Run grep -rn "agent-initiated" .ai/why/ and you get a list of every decision the agent made without asking anyone.

You don't run Grepathy. It runs itself off hooks:

claude        # work normally, let the agent commit as it goes
git push      # Grepathy writes the why file and shows it to you for review

A few things worth knowing:

  • It works from the transcript after the fact. It never asks the agent to "log its decisions" mid-task (we tried that first, agents just don't do it).
  • Each branch gets one file: .ai/why/<branch>.md.
  • Future agents actually see this stuff. A note in CLAUDE.md points them at the why files, and a hook injects the relevant entries right before an agent edits a file that has history.
  • It never blocks a push, never touches your staging area, and never pushes anything itself. It plays fine with multiple agents and worktrees.

How a future agent meets the why — two automatic triggers, both reading from the committed why-pack, so the agent never has to remember to go look:

flowchart TD
    why[("the why-pack<br/>(.ai/why/, committed)")]

    claude["CLAUDE.md pointer<br/>auto-loaded every session"]
    hook["PreToolUse hook<br/>fires right before an edit"]

    claude -->|"why / explain / review"| read["agent reads<br/>the why-pack"]
    hook -->|"edited file matches a Touches: glob"| inject["matching entries injected<br/>into the agent's context"]

    why -.-> read
    why -.-> inject

    read --> meets["✅ agent meets the reasoning<br/>before it changes the code"]
    inject --> meets
Loading

No server, no accounts, no bot. It's a CLI, some hooks, and markdown files in git. Full detail in docs/how-it-works.md.

Your transcript never leaves your machine. The only thing that gets shared is the markdown summary, and the summarizer follows strict rules: it never quotes your messages, never describes your confusion or back-and-forth, never includes business or money details, and strips secrets. Two deterministic checks sit behind the prompt (a secret/finance scanner and a rule that every entry must point at real code), then you review the file before you push. If you edit or delete an entry, Grepathy respects that forever.

More detail in docs/privacy.md.

What it's good for (we actually tested this)

We ran a blind, pre-registered eval against an honest baseline and published the whole thing, including the parts where the tool lost: docs/REPORT.md.

Where it helps:

  • Saving reasoning before it's deleted. Claude Code throws away transcripts after 30 days. Two of our own projects lost their entire history before we could even run the eval. grepathy init offers to backfill whatever is still alive.
  • Knowledge that isn't in the code. Things like "we considered a CDN and rejected it" or "the agent did this on its own, nobody approved it" leave no trace in the code. In our tests, agents with the why file got these right. Agents without it made up plausible-sounding wrong answers.

Where it doesn't help, honestly:

  • It won't stop an agent from refactoring away important code. We tested that directly and it didn't.
  • It doesn't make agents smarter in general. If the answer is readable from the code, agents find it fine on their own. Grepathy only matters for the stuff that's written down nowhere else.
Command Purpose
grepathy init Install hooks and dirs. Safe to re-run. Offers to backfill old sessions.
grepathy status / doctor Health checks, what's distilled, what's stale.
grepathy context <path> Show the entries that apply to a file.
grepathy sync Distill and commit right now (still never pushes).
grepathy distill / repair / off / on / uninstall The rest. --help for details.

How is this different from Beads and the task-tracker tools? Those track what agents should do next. Grepathy records why things were already done. You could use both.

Why not just turn off transcript deletion? You can, but then you have gigabytes of raw chat logs on one laptop that you'd never share with anyone. The why file is small, safe to share, and lives in the repo where your team and their agents can actually find it.

Does it work with tools other than Claude Code? Anything can read the why files, since they're just markdown. Writing them currently requires Claude Code. A Codex adapter is next.

Where are the deep dives? Architecture and git behavior · why-pack format · parallel agents · config

npm install
npm run build      # tsc -> dist/
npm test           # compiles src + test, runs the node:test suite

Zero runtime dependencies; pure TypeScript. The test suite is hermetic — no Claude, API key, or network needed (the LLM is mocked, git runs in throwaway temp repos) — so npm test runs anywhere with Node >= 20 and git. It covers transcript parsing, why-pack merge and human-edit preservation, semantic dedupe, the privacy/secret/finance validator, per-session state and concurrency locking, branch attribution, and the scratch-index auto-commit. See CONTRIBUTING.md. The write-side adapter and read-side pointer/hook pattern are both per-tool seams designed to make a new tool (e.g. Codex) a small addition.

MIT

联系我们 contact @ memedata.com