Logira

The thing nobody talks about with Claude Code and Codex running in --dangerously-skip-permissions mode is that you're flying blind — the agent tells you what it did, not what it actually did. Logira drops eBPF sensors into the OS layer to capture exec, file, and network events in real time, scoped per run, so you get ground truth instead of the agent's curated highlight reel. It saves everything to JSONL and SQLite with default rules for credential access, persistence changes, and suspicious exec patterns, which is exactly the threat model you should be losing sleep over when a model has a shell. Honestly this is a sleeper hit for any team shipping AI coding agents in non-sandboxed environments — the use case is narrow but the pain is real and nobody else is solving it.