AgentSight: System-wide AI agent profiling and monitoring with eBPF
June 24, 2026 · View on GitHub
English | 中文
Your local first perf/top/strace/nsight-like tool for AI agents. See what agents actually do
to your machine, and connect those actions back to the prompts, model calls, and
tool decisions that triggered them.
Run agentsight around Claude Code, Codex, Gemini CLI,
OpenCode, OpenClaw, or any command. AgentSight records:
- processes and child processes, shell commands, cwd, argv, exit status, and duration
- files created, written, truncated, renamed, or deleted
- network destinations contacted
- prompts, responses, tool intent, and LLM/model/token
No SDK, no proxy, no vendor integration. AgentSight observes with eBPF and TLS traffic tracing, so it works even when the agent is a closed-source CLI. ✨ Zero SDK Required
Quick Start
cargo install agentsight
# or: wget https://github.com/eunomia-bpf/agentsight/releases/latest/download/agentsight && chmod +x agentsight
sudo agentsight top
Live sessions ranked by model, session tokens, health, process family, tool calls, file activity, and network activity
🚀 Why AgentSight?
Traditional Observability vs. System-Level Monitoring
Application-level tools such as LangSmith, Langfuse, and Phoenix are great for traces, prompts, tokens, evals, and latency when you own the application code. Gateway/proxy tools such as Helicone are useful when you can route provider traffic through a managed endpoint.
AgentSight focuses on the layer those tools often miss: what the agent actually does at the system boundary. It observes existing binaries and CLI agents without SDKs or proxies, then correlates LLM traffic with process execution, file access, and system activity.
| Challenge | Application-Level Tools | AgentSight Solution |
|---|---|---|
| Framework Adoption | ❌ SDK, callback, or gateway integration per app | ✅ Drop-in system tracer, no code changes |
| Closed-Source CLIs | ❌ Limited to what the tool exposes or logs | ✅ Observes existing binaries and CLI agents from outside |
| Agent-Controlled Logs | ❌ Logs can be incomplete, disabled, or modified | ✅ Kernel-level events independent of app logging |
| TLS LLM Traffic | ❌ Visible when routed through SDKs/proxies | ✅ Captures plaintext at SSL/TLS calls without a proxy |
| System Actions | ❌ Often misses subprocesses and local file activity | ✅ Tracks process execution, file access, and resource use |
| Cross-Boundary Behavior | ❌ Traces usually stop at framework/process boundaries | ✅ Correlates LLM traffic with process and file events |
AgentSight captures critical interactions that application-level tools miss:
- Subprocess executions that bypass instrumentation
- Plaintext LLM payloads at SSL/TLS call boundaries
- File operations and system resource access
- Cross-boundary behavior across LLM, process, and file events
Usage
Prerequisites
- Linux kernel: 4.1+ with eBPF support (5.0+ recommended)
- sudo access: eBPF probes are auto-elevated; your agent stays unprivileged
For source builds, see docs/build.md.
Installation
Cargo or Release Binary
For local use, install with cargo install agentsight or download the latest
release binary, then start with sudo agentsight top. Use the examples below when
you want to record a specific command or inspect saved sessions.
Docker
Docker is useful for container, CI, or isolated Linux environments, but it still needs privileged host access for eBPF. See docs/docker.md.
Build from Source
Build requirements and source build commands live in docs/build.md.
Querying Past Sessions
Every record session is automatically saved to an agentsight-*.db SQLite
file in the current directory. Start with the live and record commands, then
use agentsight report for structured queries:
sudo agentsight top # live ranked view of current agent sessions
agentsight monitor install-service # install/start the background monitor service
agentsight top --db run.db --once # ranked view of a saved session
sudo agentsight record -- claude # record a command
agentsight report # high-level run summary (default)
agentsight report list # recorded sessions in this directory
agentsight report prompts --json # full LLM request/response JSON
agentsight report token # token usage from latest session in this directory
agentsight report audit --json # process spawns, file opens, API calls
agentsight report serve # open the web UI for the latest session in this directory
agentsight report export -o snapshot.json # export for web dashboard
agentsight report --local # summarize native Claude/Codex/Gemini sessions
Offline Agent pprof Profiles
Use agentpprof when you want a no-sudo pprof/folded-stack/SVG summary of
local Codex or Claude session history:
cargo run --manifest-path agentpprof/Cargo.toml -- \
--project-root . \
--view tokens \
-o agent.pb.gz
go tool pprof -top agent.pb.gz
The tokens view is the best first flamegraph for cost analysis: it aggregates
real local Codex/Claude development sessions by project, agent, session tag,
prompt tag, model, and token kind.
Offline token profile generated from real local bpf-benchmark coding-agent sessions
See agentpprof/README.md for CLI details and docs/flamegraph for flamegraph examples, view selection, and deterministic tagging rules.
Web Interface
During a session, visit http://127.0.0.1:7395 for live traffic, process trees, and metrics:
- Timeline View: http://127.0.0.1:7395/timeline
- Process Tree: http://127.0.0.1:7395/tree
- Event Log: http://127.0.0.1:7395/logs
- Metrics View: http://127.0.0.1:7395/metrics
For a saved SQLite session, run agentsight report serve --db run.db and open the same routes.
Process tree visualization for agent subprocesses and file activity
Timeline visualization for LLM, process, file, and network events
Metrics visualization for memory and CPU usage
Try the live demo to explore a real recorded Claude Code session in the browser.
Supported Agents
Privileges: eBPF probes need root. Use
sudofor live capture commands.
record auto-discovers binaries, SSL libraries, and container processes. Works out of the box for:
| Agent | Command |
|---|---|
| Claude Code | sudo ./agentsight record -- claude |
| Gemini CLI | sudo ./agentsight record -- gemini |
| Python (aider, open-interpreter, …) | sudo ./agentsight record -c python |
| Docker containers (OpenClaw, …) | sudo ./agentsight record -c node --binary-path docker://openclaw |
| Any command | sudo ./agentsight record -- <command> |
See docs/agents.md for agent-specific setup, SSL quirks, browser capture, MCP stdio, and advanced flags.
OpenTelemetry Export
AgentSight can export captured LLM calls as OpenTelemetry GenAI
(gen_ai.*) spans over OTLP/HTTP — standards-compliant agent telemetry for any
agent, with zero in-process instrumentation.
sudo ./agentsight debug trace --otel --otel-endpoint http://localhost:4318
See docs/otel.md for collector setup and backend integration.
❓ Frequently Asked Questions
Q: What permissions does AgentSight need?
A: eBPF probes need root privileges, so AgentSight may prompt for sudo. With record -- <command>, the monitored agent still runs as your normal user; only the probes are elevated.
Q: What's the performance impact? A: Our evaluation reports less than 3% CPU overhead for typical traced agent workloads.
Q: Where does captured data go?
A: record stores sessions as agentsight-*.db files in the current directory by default, and report reads the latest matching file from that directory unless you pass --db. monitor stores its weekly background DBs under ~/.agentsight/monitor, and top is read-only unless you explicitly pass --db to inspect a saved session. Use agentsight report, agentsight report list, agentsight report audit --json, and agentsight report token to inspect prior runs. Captured data can include prompts, responses, paths, headers, and network targets, so treat logs and DBs as sensitive.
Q: Why doesn't AgentSight capture traffic from Claude Code, Node.js, or Gemini CLI?
A: These applications statically link their SSL library (BoringSSL for Claude/Bun, OpenSSL for all Node.js — both NVM and system installs) into their own binary instead of using system libssl.so, so there's nothing for sslsniff to hook by default. AgentSight handles this for you: record -- <command> always discovers the binary, and record -c node now auto-discovers the Node binary too. For Claude attach mode, pass --binary-path. See the "Zero-Config: record" and "Monitoring Node.js AI Tools" sections.
Q: What should I check if tracing fails?
A: Verify you are on Linux with eBPF support, have sudo or CAP_BPF/CAP_SYS_ADMIN, and are using record -- <command> or the correct --binary-path for statically linked agents.
🤝 Contributing
We welcome contributions! After cloning and building (see docs/build.md), you can:
# Run tests
make test
# Frontend development server
cd frontend && npm run dev
# Build debug versions with AddressSanitizer
make -C bpf debug
Key Resources
- CLAUDE.md - Project guidelines and architecture
- docs/design/README.md - archived design notes and research drafts
📄 License
MIT License - see LICENSE for details.
💡 The Future of AI Observability: As AI agents become more autonomous and capable of self-modification, traditional observability approaches become insufficient. AgentSight provides independent, system-level monitoring for safe AI deployment at scale.