Logira

Someone finally said the quiet part out loud: you have no idea what AI agents are actually doing on your machine. melonattacker built Logira because they got tired of running Claude Code with --dangerously-skip-permissions and Codex with --yolo mode, having zero visibility into what these things were actually touching. The agent's output tells you its story—but who's verifying it?

Logira uses eBPF to record exec, file, and network events at the OS level, scoped per run. It captures everything in JSONL and SQLite, ships with default detection rules for credential access, persistence changes, and suspicious exec patterns—and here's the key part—it's observe-only. It never blocks. It just watches. Because you can't trust the agent to audit itself. That's like letting the fox write the security report.

This is the layer-splitting moment in agent tooling that people have been talking about. The agent does the work, Logira watches the work. One commenter on HN nailed it: auditing has to be independent of the thing being audited. It's still early—single founder, open source, just launched on Hacker News—but the problem Logira solves is real and it's only getting more urgent as more developers let AI run wild with system permissions.