{"slug": "show-hn-iaxt-macos-menu-bar-app-that-records-what-ai-coding-agents-do", "title": "Show HN: IAXT – macOS menu-bar app that records what AI coding agents do", "summary": "IAXT, a new macOS menu-bar app, records AI coding agent activity locally to create an audit trail, addressing approval fatigue and prompt injection risks. The tool logs commands, file changes, and network calls, flagging suspicious actions for individual developers or team-wide security reviews.", "body_md": "No blocking. No workflow changes. No cloud upload for individuals. Just a local audit trail you can review after the coding session ends.\n\nAI coding agents run commands and change files on your machine, with broad permissions and at high speed.\n\nTwo things make that hard to keep up with.\n**Fatigue:** over a long session the permission dialogs\nblur into an *illusion of control*, and most of us click through.\n**Prompt injection:** attackers now hide instructions for\nthe AI inside ordinary text, and the attacks keep getting more frequent\nand more sophisticated.\n\nIAXT doesn't block. IAXT doesn't restrict. IAXT watches, attributes, and\nremembers, so whether it was a tired click or a hidden instruction, you\ncan answer the question most teams can't answer today:\n*what did the AI actually do?*\n\nSolo developer auditing your own machine, or a founder rolling an audit trail up to the whole team. IAXT fits both — and they care about different things.\n\nInstall the app, go back to coding. IAXT sits in your menu bar, logs every AI agent's activity locally, and surfaces a 30-second review screen when you're done.\n\nCatches the accidents (the AI deleted half the repo), flags\nthe rarer intentional exfil (a prompt-injected README\ntriggered a `curl -X POST`\n\non your SSH key), and\nstays out of your face the rest of the time.\n\n`~/Library/Logs/IAXT/`\n\n, openable with `sqlite3`\n\n, deletable with `rm -rf`\n\n.\nYour engineers install IAXT — same app as the individual\ntier, no extra friction. Once a day, a review summary\n(**not raw logs**) pushes to a central endpoint\nyou control. Your security lead, CTO, or founder sees a\nper-engineer roll-up.\n\nWhen a customer's security review, an investor's due diligence, or an acquirer's tech audit asks \"how do you manage AI-agent risk?\", you open the dashboard. That's the answer. Few teams can show this today, which is why having it now sets you apart in the room.\n\nWe use Claude Code, Cursor, and Aider across the team. Every session is logged locally. Review-tier events — persistence mechanisms, credential access, exfiltration patterns — are flagged automatically and rolled up to our security review. Here's last week's report. — What you tell a customer, investor, or acquirer\n\nCommands run, files created or modified, packages installed, git operations, cron entries, launch agents. Every action attributed to the tool that made it — confirmed, likely, or possible.\n\nA gold stripe for actions that deserve attention — filesystem writes outside the project, unexpected network calls, changes to scheduled tasks. Violet for things simply worth a look.\n\nA daily Overview of your AI usage patterns. Session cards, stats, attention items. Because it watches every agent at once, it also becomes a clear picture of how you actually code with AI across all your tools, Claude Code, Cursor, and the rest, not just one. CSV export for team review. Everything local, no telemetry, no cloud.\n\nAn **impartial observer** of what your AI coding\nagents actually did on your machine. Catch the accidents, and\nspot the rare action that does not belong, without trusting your\nmemory of a long session.\n\nVisibility into how agents are used **across the\nteam**, with zero workflow friction. Everyone installs\nthe same quiet app; you get a review surface instead of a blind\nspot.\n\n**Evidence** that AI-agent risk is actually\nwatched: an audit trail you can point to in a security review or\ndue diligence, with review-tier events flagged automatically.\n\nReal screenshots of the macOS app. Pick a view to see what it shows and why it matters.\n\nIAXT gives you a faithful, after-the-fact record of what your AI coding agents did on your machine. Two very different situations make that worth having.\n\n**Good faith: approval fatigue.** You approve\nsensitive actions as you work, but hours and days of coding\nbring fatigue and desensitization. It is human to click\n*allow* out of routine, or to wave through something you\ndid not fully understand. IAXT lets you go back, calmly and\nlater, and see what you actually agreed to.\n\n**Bad faith: prompt injection.** Attackers hide\ninstructions inside content an AI reads. Below is a real email:\nthe body looks like a harmless onboarding reminder, but its\nsource hides a command aimed at any AI assistant that processes\nthe message.\n\nIt targeted Windows and never ran here. But the technique is\nreal and getting more sophisticated. IAXT is passive: it does\nnot block, it **records**. If an agent on your Mac\never acted on a hidden instruction like this, you would see\nexactly what it did in the Action Log, after the session.\n\n**Individual tier: zero.** No telemetry. No\nanalytics. No account. The only network call the app can\nmake is the *Check for Updates* menu item — one\nrequest to GitHub, only when you click it.\n**Company tier:** once a day, a review summary\n(counts per agent, flagged/review action totals — no raw\ncommands) goes to the endpoint you control. Nothing to us.\n\nClaude Code, Cursor, Aider, Codex, Windsurf, Kilo Code,\nOpenCode, Copilot, Cody. New agents are added on request —\n[open an issue on GitHub](https://github.com/CoralliumTech/iaxt-releases/issues)\nwith your tool's process name and we'll add it.\n\nNot for the moment. IAXT is macOS-only today (macOS 13 Ventura or later), built on macOS-native event streams. A Windows version would be a separate effort; we may consider it based on demand.\n\nNo, and it can't be. App Store apps must run inside Apple's sandbox, which walls each app off from the rest of the system. IAXT's whole job is to watch what other processes do across your machine, read their command lines, and follow file activity beyond its own folder. The sandbox blocks exactly that. So IAXT ships the way most serious Mac developer tools do, as a signed and notarized DMG you download directly, verified by Apple's Gatekeeper on first launch.\n\nNot in a way you'll feel. IAXT subscribes to macOS's native event streams (FSEvents, kqueue, periodic sysctl) — the OS is already doing this work — and drops roughly 95% of events by construction before anything touches disk. No lag in your editor, no slower builds, no stutter in your agents.\n\nThe honest caveat is battery. Because IAXT watches continuously in the background, a laptop on battery may run down a little sooner — any always-on tool has this cost. We've worked hard to keep it small: adaptive polling that backs right off when nothing is happening, and a full pause while your Mac sleeps. On power it's a non-issue; on battery it's a few percent, not a cliff.\n\nDrag `IAXT.app`\n\nto the Trash, then\n`rm -rf ~/Library/Logs/IAXT`\n\nto remove the SQLite\ndatabase and audit logs. That's it — no hidden files, no\nLaunchAgent to unload.\n\nApple's Endpoint Security framework catches more (file reads,\nevery `exec`\n\n) but requires a manual-review\nentitlement from Apple and a system-extension install flow.\nIAXT v1 runs in user-space because distribution friction\nmatters more than catching every last event. ES-level\ndetection is on the roadmap.\n\nBoth will be available. During private beta we host it for\nspeed of iteration. Self-hosted ships before GA. If you need\nself-hosted from day one, email\n[[email protected]](/cdn-cgi/l/email-protection#ea9e8f8b8799aa838b929ec4898587d5999f88808f899ed7a3abb2becfd8da9e8f8b87cfd8da8f848e9a8583849ecfd8da086a7ecfd8da998f868cc78285999e8f8ecfd8da83849e8f988f999e)\n— we'll prioritize accordingly.\n\nThe individual app is closed-source today. For enterprise and\nbusiness customers, we're happy to share the source on request\nfor security auditing and due diligence — email\n[[email protected]](/cdn-cgi/l/email-protection#ef9b8a8e829caf868e979bc18c8082d09c9a8d858a8c9bd2a6aeb7bbcadddf0d6f7bcadddf9c809a9d8c8acadddf8e8c8c8a9c9ccadddf89809dcadddf8e9a8b869b868188).\n\nTransparency cuts both ways. These are structural — anyone claiming otherwise is selling you something. The audit story only works if you believe we won't overpromise, so here's the full list.\n\nIAXT sits deliberately in the middle: far more than nothing, far lighter than a full EDR. No kernel extension, no system extension, nothing to slow the machine down. Right for individuals, and for the startups and teams that want real visibility without the weight and intrusiveness of endpoint security software.\n\nRemote sandboxes on vendor infrastructure. No local process touches your machine. IAXT shows a banner when a remote-capable app is running so you know the blind spot exists.\n\nBrowser-hosted code generators. Nothing executes locally. Out of scope by design — the chat transcript on the vendor's site is the only audit surface.\n\nIAXT records *that* files changed, not *what*\nchanged. A subtle code-level backdoor looks like any other\nedit. Defense: `git diff`\n\nafter the session.\n\nmacOS FSEvents only fires on writes. A silent read of\n`~/.ssh/id_rsa`\n\nis invisible — unless the AI\n*uses* what it read, in which case the curl / POST\n/ commit is caught.\n\n`export`\n\n, `alias`\n\n, `cd`\n\n,\n`source`\n\nrun inside the shell process with no\nchild process — they're invisible to process-level monitoring.\n\nIf an AI app makes HTTP requests from its Electron main\nprocess directly (not via `curl`\n\n/ `wget`\n\nchild processes), those calls don't surface.", "url": "https://wpnews.pro/news/show-hn-iaxt-macos-menu-bar-app-that-records-what-ai-coding-agents-do", "canonical_source": "https://iaxt.com/", "published_at": "2026-07-08 11:44:27+00:00", "updated_at": "2026-07-08 12:00:05.104721+00:00", "lang": "en", "topics": ["ai-safety", "ai-agents", "developer-tools"], "entities": ["IAXT", "Claude Code", "Cursor", "Aider", "macOS"], "alternates": {"html": "https://wpnews.pro/news/show-hn-iaxt-macos-menu-bar-app-that-records-what-ai-coding-agents-do", "markdown": "https://wpnews.pro/news/show-hn-iaxt-macos-menu-bar-app-that-records-what-ai-coding-agents-do.md", "text": "https://wpnews.pro/news/show-hn-iaxt-macos-menu-bar-app-that-records-what-ai-coding-agents-do.txt", "jsonld": "https://wpnews.pro/news/show-hn-iaxt-macos-menu-bar-app-that-records-what-ai-coding-agents-do.jsonld"}}