Local black-box recorder for AI coding agents

See what your agent sends. Control it. Prove it.

Occasio is a local proxy between your AI coding agent and the cloud. Your prompts, your tool calls, your audit log, all on your machine, cryptographically verifiable later. No cloud, no account, no telemetry.

$ npm install -g @occasiolabs/occasio

Then run occasio eyes --demo to see it in 10 seconds, no setup.

occasio eyes: what your agent is sending to the cloud, right now
Screenshot: Occasio's eyes browser UI, a two-pane view of an outbound exchange to api.anthropic.com showing a 4.6 KB payload byte breakdown, the files sent to the cloud, and a tool result with secrets highlighted as REDACTED BY OCCASIO.
Caption: occasio eyes --demo against synthetic data. Every outbound payload, byte breakdown, secrets redacted in the clear.

Two ways to use it

Both views read the same local log. You get both for free.

Most people land here for one of these. Run the proxy once. Daily visibility and verifiable proof come together.

Daily dev work

See what's leaving your machine

"What is the agent actually sending to Anthropic, and what's it costing me?"

  • occasio eyes for a live browser UI of every outbound payload
  • occasio scan flags secrets in a file or stdin, explained and masked
  • occasio preflight simulate previews what your policy would block before the agent runs
  • --budget N stops a run once it crosses your dollar limit
  • Byte breakdown + secrets redacted before they leave

CI / compliance

Prove what the agent did

"Prove exactly what the agent did during this run."

  • occasio attest for a signed in-toto behavioral attestation
  • occasio bundle + occasio verify — one portable file, checked offline
  • occasio policy lock + diff pin the approved policy and catch drift
  • Hash-chained from GENESIS, Sigstore-signed, bound to the git commit it ran against

Verify in 60 seconds

Hand someone the bundle. They confirm it offline.

No account, no network to us. Each step is independent. Any failure fails the whole.

third-party verifier
occasio bundle --run <id> --out run.occasio.json
occasio verify run.occasio.json
 ✓ manifest integrity       embedded artifacts hash-match
 ✓ chain slice integrity    SHA-256 walk, anchored
 ✓ git state matches chain  bound to the commit it ran against
 ✓ signature                Sigstore (optional)
# or with zero Occasio install:
python audit_walker.py pipeline-events.jsonl
tamper one byte → verification fails

Six independent checks — schema · manifest · chain slice · policy binding · git-state · signature. None of them trust Occasio's own verifier.
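An independent walker of the kind the page describes (python audit_walker.py over pipeline-events.jsonl), written here as an added example rather than Occasio's own script. The entry format it checks (seq, prev, a SHA-256 over the canonical JSON of the entry, anchored at GENESIS) is an assumption for illustration, not Occasio's actual schema; the sample events are constructed.

```python
import hashlib
import json
GENESIS = "GENESIS"  # chain anchor named on the page; the entry format below is assumed

def canonical(body: dict) -> bytes:
    # Deterministic encoding (sorted keys, no whitespace) so re-hashing is stable.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def link_hash(prev: str, body: dict) -> str:
    # Each entry commits to the previous entry's hash and to its own content.
    return hashlib.sha256(prev.encode() + canonical(body)).hexdigest()

def append_event(log: list, body: dict) -> str:
    prev = json.loads(log[-1])["hash"] if log else GENESIS
    entry = {"seq": len(log), "prev": prev, **body}
    entry["hash"] = link_hash(prev, entry)  # hashed before "hash" is set
    log.append(json.dumps(entry, sort_keys=True))
    return entry["hash"]

def verify_chain(lines: list) -> tuple:
    """Walk a JSONL log from GENESIS. Returns (ok, line_index, reason)."""
    expected_prev = GENESIS
    for i, line in enumerate(lines):
        try:
            entry = json.loads(line)
        except ValueError:
            return False, i, "not valid JSON"
        if entry.get("seq") != i:
            return False, i, "sequence gap"
        if entry.get("prev") != expected_prev:
            return False, i, "prev does not match previous hash"
        body = {k: v for k, v in entry.items() if k != "hash"}
        if link_hash(expected_prev, body) != entry.get("hash"):
            return False, i, "hash mismatch"
        expected_prev = entry["hash"]
    return True, len(lines), "ok"

def build_sample_log() -> list:
    # Constructed sample events; not real Occasio output.
    log = []
    append_event(log, {"event": "tool_call", "tool": "read_file", "path": "/tmp/notes.md"})
    append_event(log, {"event": "policy", "decision": "deny", "path": "/home/dev/.env"})
    append_event(log, {"event": "outbound", "host": "api.anthropic.com", "bytes": 4600})
    return log

def tamper(lines: list, index: int, old: str, new: str) -> list:
    # Edit one stored line (e.g. a single digit) to simulate after-the-fact tampering.
    edited = list(lines)
    edited[index] = edited[index].replace(old, new, 1)
    return edited
```

A bare walk cannot see a truncated tail; the head hash has to be pinned somewhere outside the log, which is what anchoring means here.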

Control the boundary

It doesn't just watch. It stops the leak.

Other tools observe what the agent sent. Occasio acts on the request before it leaves your machine.

Enforce

Denied content never ships

When the agent bakes a denied file or a secret into the outbound request, Occasio resolves the real path (symlinks too) and strips the content before the model receives it.

One policy file

You control the rules

Every tool call passes through one human-readable policy.yml you own — deny-lists, path rules, transforms, per-round limits — all hot-reloaded, each decision logged into the chain. Lock the approved policy and diff catches any drift.

Honest coverage

No silent gaps

Every tool call gets a coverage code. You see exactly what was intercepted and what fell through, with no inflated claims.

Built for the audit

When someone asks "what did the agent do?", there's a signed answer.

Standard supply-chain rails, extended from build artifacts to agent actions. No hand-rolled crypto.

  • Sigstore keyless signing
  • in-toto attestations
  • hash-chained audit log
  • CycloneDX AI-BOM
  • EU AI Act Art. 12 trail
  • NIST AI RMF mapping
  • SOC 2 CC6.1 / CC7.2
  • local-first · no telemetry
