Agentmetry, catch your AI coding agent reading –/.ssh and phoning home Agentmetry, an open-source flight recorder for AI coding agents, captures and correlates every tool call with MITRE ATT&CK tags and SHA-256 hashing, enabling replay and SIEM forwarding. The tool detects behavioral sequences like credential exfiltration and blocks secrets via a local DLP engine, all while running fully locally without vendor cloud dependency. The open-source flight recorder and security layer for AI agent tool-use. Every tool call, every denial, every human approval — hashed, correlated, and stored in a JSONL trail you own. Replay on demand; forward to Loki, Elastic, or Splunk when you want a SIEM. Quickstart install--quick-start · · /blitzcrieg1/agentmetry/blob/master/docs/agentmetry-external-ingest.md Docs · /blitzcrieg1/agentmetry/blob/master/docs/agentmetry-event-schema.md Schema · /blitzcrieg1/agentmetry/blob/master/ROADMAP.md Roadmap Security Every AI-agent tool call, tagged with MITRE ATT&CK as it happens — and a correlated alert when a sequence of innocent-looking calls adds up to an attack. 🚧 Public Alpha: Core capture, replay, and SIEM forwarding are usable for early exploration. APIs and integration surfaces may evolve rapidly. Why Agentmetry? why-agentmetry Install & Quick Start install--quick-start How Agentmetry Works how-agentmetry-works Coverage & Limitations coverage--limitations Capabilities & Integrations capabilities--integrations Behavioral Detection Engine behavioral-detection-engine Data Loss Prevention DLP data-loss-prevention-dlp Dashboard dashboard Forwarding to a SIEM forwarding-to-a-siem CLI Reference cli-reference Contributing contributing Security security License license When an autonomous agent runs a tool, most stacks keep nothing you could hand to an incident responder. Logs show a process; they do not show intent , session boundaries , or what the human approved . Agentmetry is the open-source endpoint flight recorder for AI agents — built to run entirely on your machine, with optional forwarding to the SIEM you already operate. an immutable, operator-owned audit trail for governed AI agents — capturing tool execution at the IDE lifecycle boundary and the MCP wire, not in a vendor cloud We do that by: Intercepting agent tool calls through IDE lifecycle hooks Cursor, Claude Code, Codex, Antigravity and an MCP stdio audit proxy Normalizing every event into a canonical schema v1.1.0 with MITRE ATT&CK enrichment and SHA-256 argument hashing Detecting correlated behavioral sequences a single event cannot reveal credential exfil, guardrail bypass, recon-then-grab Blocking secrets and PII at the hook boundary with a local regex DLP engine log or block mode Forwarding the same JSONL trail to Loki, Elastic ECS, Splunk HEC, or a generic webhook — without making the cloud the system of record Agentmetry is not a CASB or shadow-AI spy. It records the agents you wire in. If your problem is unmanaged ChatGPT in the browser, you need network/endpoint policy — not a flight recorder. Agentmetry runs fully locally. The audit trail never leaves your machine unless you explicitly forward it. No server, no API key, no config. Clone and run: git clone https://github.com/blitzcrieg1/agentmetry.git && cd agentmetry pip install -r apps/orchestrator/requirements.txt python scripts/demo.py It replays an agent session through the real ingest API: the agent reads an SSH private key, runs a command containing an AWS key, then fetches a URL. Agentmetry tags each call with MITRE ATT&CK, catches the AWS key with DLP storing the rule, never the value , and then — without being asked — correlates the key read with the network call and fires a CRITICAL credential-exfil detection. No single one of those events is an alert. The sequence is. That is the whole product in one screen. python scripts/demo dashboard.py seeds 5 sessions + 4 detections, serves http://127.0.0.1:8010/ One command seeds a realistic demo trail and serves the dashboard locally — no API key, no cloud. Click a flagged session and the detection is right there, with the full event drilled open beneath it: See the dashboard tour /blitzcrieg1/agentmetry/blob/master/docs/dashboard-tour.md for what each view shows and how to read it. | Requirement | Version | |---|---| | Python | 3.10+ | | Node.js | 18+ | git clone https://github.com/blitzcrieg1/agentmetry.git cd agentmetry Python orchestrator cd apps\orchestrator python -m venv .venv .\.venv\Scripts\activate pip install -e ". dev " copy .env.example .env cd ..\.. Next.js dashboard cd apps\dashboard npm install cd ..\.. scripts\start-dev.bat Dashboard → http://localhost:3000 http://localhost:3000 · Orchestrator API → http://localhost:8000 http://localhost:8000 powershell -ExecutionPolicy Bypass -File scripts\install cursor hooks.ps1 powershell -ExecutionPolicy Bypass -File scripts\install claude hooks.ps1 Fully quit and restart Cursor / Claude Code so hooks load. python scripts\agentmetry ingest.py selftest Events should appear in the dashboard Flight Recorder within a few seconds. When an agent runs a tool, Agentmetry automatically: Intercepts the lifecycle hook or MCP tools/call before arguments leave the hook process Hashes tool arguments SHA-256 and scrubs inline secrets in command strings Enriches each event with MITRE tactic/technique mappings and session correlation Stores canonical JSONL locally audit-forward.jsonl — the system of record for the hook path Detects multi-step behavioral patterns across the session timeline Forwards to your SIEM sinks and alert webhook optional, best-effort flowchart TB subgraph Capture "Capture Layer Tier A + B " HOOKS "IDE Lifecycle Hooks