A per-session record of how your AI-assisted code was actually written.
Every time a developer works with an AI coding tool, a decision trail is created and then immediately lost. The prompt that shaped the change, the suggestion that was accepted, the one that was rejected, the files that were touched — none of it survives in your commit history. Git shows you the what. It says nothing about the how or the why.
A Context BOM closes that gap. It's a structured record, generated automatically for each AI-assisted session, that captures the origin and decision context behind the code your team ships.
An AI-BOM tells you what's in your environment. A Context BOM tells you what got into your code.
Each Context BOM records the essentials of a session: the intent behind a change, the human decisions that gated it, and the path from prompt to commit. It distinguishes what a developer accepted from what they declined — turning an invisible interaction into reviewable evidence.
The result is a chain of custody for AI-assisted development: provenance (where a change came from) and lineage (how it moved from prompt to production).
Compliance frameworks were written for a world where humans authored every line. SOC 2 CC8.1 asks you to demonstrate change management. When an AI tool co-writes the change, the standard still applies — but the evidence your auditor expects no longer exists by default.
The Context BOM is that evidence. It's tamper-evident, generated as work happens rather than reconstructed after the fact, and mapped to the controls auditors actually ask about.
A Software BOM inventories your dependencies. An AI-BOM inventories your AI systems. The Context BOM is the missing third layer — the one that documents how your code came to exist in the first place. Together they give regulated teams a complete picture: what's in your software, what AI is in your stack, and how your code was written.
Want to see a Context BOM from a real session?
Book a demo