CAIRN audits your agent's tool-call traces and certifies which repeated work is provably safe to reuse — then prices what it saves, honestly, net of provider prompt caching. Read-only. Local. Open source.
Agentic workflows fire 10–20 model calls per task and re-read the same files, scans and tool outputs all day; inference now eats double-digit shares of revenue at agent companies. The obvious fix is caching. But when we measured 4.15M real agent commands, 64% of the re-reads a cache would have served had actually changed — tests flipped, files moved, state drifted. And 97% of those changes were real content, not timestamps. A cache without proof doesn't save money; it silently corrupts your agent.
Match by similarity, invalidate by TTL guesswork. No output verification — the 64% ships straight to your users.
Safe but prefix-bound, minutes of TTL. Can't reuse work across runs, sessions or users. CAIRN's numbers already assume you use it.
Certifies reuse by provenance and output identity. Never claims what it can't prove — and reports its false-hit rate on your trace.
Provenance matched and the output hash is identical. Serving the stored result is byte-for-byte correct.
50,632 certified on the public corporaSame work, output moved. The agent gets a compact delta against what it already saw instead of re-ingesting everything.
42% of re-read tokens avoidableOutput unobservable or state drifted. CAIRN refuses to claim savings it can't prove. The refusal is the product.
294,824 stale-risk events caughtThe pink bar is the point: that's the work every other cache would have served stale.
One hook records your agent's tool calls locally (read-only, never blocks the agent). Use your agent normally for a day, then print your receipt. Works with Claude Code today; MCP gateway next.
Coding, support and research agents on flat pricing — token COGS is your gross margin. Certified recycling is margin you can bank without risking correctness.
Pentest and SOC agents where a stale result isn't a cost bug, it's a miss. CAIRN's provenance lane blocks unsafe replay and proves it.
Fleets of internal agents, one bill, no trace-level visibility. Per-user, per-team recyclable-spend receipts your CFO can read.
At fleet scale — thousands of agents, hundreds of seats, one bill — nobody can say who burns what or which spend is recoverable. CAIRN rolls every decision up by user, team and agent: visibility today (ships in the open-source audit), then the runtime adds the control plane — per-user budgets, caps and alerts, certified recycling enforced by policy, receipts for finance.
| User | Tool calls | Tokens | Certified reuse | Recyclable | Saved / night |
|---|---|---|---|---|---|
| nightly-fleet-04 | 88,204 | 41.2M | 1,412 | 9.8% | $24.10 |
| nightly-fleet-01 | 71,530 | 33.9M | 1,187 | 8.9% | $19.80 |
| pr-review-bot | 64,118 | 25.1M | 948 | 7.4% | $15.20 |
| monorepo-sweeper | 52,377 | 22.6M | 762 | 6.1% | $12.40 |
| nightly-fleet-02 | 49,846 | 19.8M | 531 | 4.9% | $9.90 |
| (6 more users) | 86,733 | 31.7M | 194 | 2.2% | $9.60 |
| fleet total / night | 412,808 | 174.3M | 5,034 | $91.00 |
Per-user / per-team spend and recyclable share, from your own traces. Ships in the audit now.
Caps per user, team or fleet; alerts when an agent's burn or false-hit rate drifts.
Certified reuse served automatically under policy — spend control that never trades away correctness.
Illustrative fleet built from the measured corpus ratios;
dollars are net of provider prompt caching at claude-sonnet-4.5 prices. The per-user rollup ships
in the open-source audit today (traces with user_id
fields get it automatically).
What large companies actually spend on agent tokens, from public reporting this year:
73.7 trillion tokens in ~30 days of internal AI use — costs approaching billions per year. They built an internal per-user leaderboard ("Claudeonomics") and spending caps. That window is this product.
$500–2,000 per engineer per month; blew its 2026 AI budget in four months; now caps spend at $1,500 per engineer per tool.
Microsoft pulled agent licenses at ~$2,000/engineer/month. Salesforce's Anthropic bill: ~$300M/year. One enterprise hit $500M in a single month with no caps.
Percentages are estimates derived from measured public corpora (10.5% repeated commands, 42% of re-read tokens avoidable) — labeled so; the honest way to replace them with your number is a one-day shadow audit. Cross-run recycling is now measured: regrouping the same corpus by repository instead of session multiplies certified-recyclable point tokens 6.6× (15.2M → 100.2M) at the same measured safety rate — reuse across nightly runs is what provider prompt caches structurally cannot do.
Most savings claims assume you pay full price for every repeated token. You don't — providers already discount cached prefixes. CAIRN prints both numbers and tells you which to believe.
Per-model price tables, tiktoken token counts, upper-bound models labeled as upper bounds, refusal to claim unverifiable savings — the caveats aren't fine print, they're the product.
The audit is MIT-licensed and runs on your side — no integration, no data leaves your machine. If the number is big, we talk about the runtime that banks it. If it isn't, you've lost fifteen minutes and gained a measurement.