{"slug": "who-s-watching-what-your-ai-agent-does-when-you-re-not-looking", "title": "Who's watching what your AI agent does when you're not looking?", "summary": "A developer built AgentGuard, a background daemon that monitors file changes made by AI coding agents like Claude Code and Codex, after experiencing approval fatigue that led to unauthorized file modifications. The tool watches sensitive files such as .env, keys, and CI configs, logs all changes to an audit trail, and sends Telegram alerts with Keep/Rollback buttons even when the user is away from the machine. AgentGuard runs as a permanent background daemon on macOS and is available via npm.", "body_md": "This isn't about AI being dangerous. It's about a habit most of us have developed without noticing.\n\nYou start a Claude Code session. The agent asks permission for the first action. You read it, approve. Second action — you read it, approve. Third action — you skim it, approve. By the fourth or fifth, you've clicked \"don't ask again for this session\" and gone back to whatever you were doing.\n\nThat's not carelessness. That's a completely rational response to an approval-fatigue problem that the tools themselves create. The agents ask too often, for too many things, and we adapt by tuning them out.\n\nThe problem gets worse when you're working remotely. I run AI coding sessions in two ways: sometimes through OpenClaw connected to Telegram, where I send messages and the agent executes actions on my machine. Sometimes through Claude.ai on my phone, running a remote session. Either way, you're watching a small screen, approving actions with limited context, and eventually you stop reading carefully.\n\nOne day I came back to my machine and found that the agent had modified files I didn't expect — not maliciously, just confidently. An .env file updated. A config changed. A dependency added. Nothing catastrophic. But I had no record of it. I couldn't tell what changed, when, or why.\n\nSo I built something to watch.\n\nAgentGuard is a background daemon that monitors what AI coding agents do to your files during and between sessions. It doesn't try to stop the agent from working — it tries to give you visibility into what happened.\n\nWhat it actually does:\n\nIt watches configured directories with a file watcher. When a sensitive file changes (.env, keys, CI configs, package.json, agent memory files like CLAUDE.md), it logs the event to an audit trail and optionally sends a Telegram message with Keep/Rollback buttons — even if you're not at the machine.\n\nIt runs as a permanent background daemon (launchd on macOS) so it's always watching, not just during explicit sessions.\n\nIt has a macOS menu bar icon showing daemon status and recent activity — same idea as Docker Desktop's tray icon.\n\nWhat I learned building it:\n\nThe hardest problem wasn't detection — it was deciding what to do about it. Block everything and the agent becomes useless. Block nothing and you're back where you started. The answer I landed on: log everything, alert on the things that actually matter (credential files, mass deletes, CI configs), and let the user decide.\n\nThe second thing I learned: real-time command interception is harder than it sounds. Codex is a Rust binary that doesn't use the shell in an interceptable way. The file watcher ended up being more reliable than the command interceptor for most agents.\n\nThe open question I don't have an answer to:\n\nIs this the right layer to solve this problem? Should the agents themselves have better audit trails? Should there be a standard for \"what did this session change\"? I genuinely don't know.\n\nI built this because I needed it. It's been running on my machine for a few weeks watching two projects. The log is mostly quiet — which is either good news or means I'm not watching the right things.\n\nIf you use Claude Code, Codex, aider, or run agents remotely via OpenClaw or similar — I'd be curious whether this matches a problem you've actually experienced, or whether the approval-fatigue thing is just me.\n\nnpm install -g agentguard-dev\n\nGitHub: github.com/Osva2023/AgentGuard", "url": "https://wpnews.pro/news/who-s-watching-what-your-ai-agent-does-when-you-re-not-looking", "canonical_source": "https://dev.to/ozforce_1998/whos-watching-what-your-ai-agent-does-when-youre-not-looking-1ja5", "published_at": "2026-05-28 19:07:43+00:00", "updated_at": "2026-05-28 19:26:30.539569+00:00", "lang": "en", "topics": ["ai-agents", "ai-safety", "ai-tools", "ai-products", "ai-ethics"], "entities": ["Claude Code", "OpenClaw", "Telegram", "Claude.ai", "AgentGuard"], "alternates": {"html": "https://wpnews.pro/news/who-s-watching-what-your-ai-agent-does-when-you-re-not-looking", "markdown": "https://wpnews.pro/news/who-s-watching-what-your-ai-agent-does-when-you-re-not-looking.md", "text": "https://wpnews.pro/news/who-s-watching-what-your-ai-agent-does-when-you-re-not-looking.txt", "jsonld": "https://wpnews.pro/news/who-s-watching-what-your-ai-agent-does-when-you-re-not-looking.jsonld"}}