DEV Community

Cover image for I Built a Plugin to Track Everything Hermes Agent Installs
Chilarai
Chilarai

Posted on

I Built a Plugin to Track Everything Hermes Agent Installs

Over the past few weeks I've been experimenting with AI coding agents, especially Hermes Agent.

One thing became obvious very quickly, AI agents are incredibly good at getting things done—but they also leave a surprising amount of stuff behind.

A single prompt can result in commands like:

  • npm install
  • pip install
  • brew install
  • docker pull
  • git clone
  • npx playwright install

At first this doesn't seem like a problem.

But after a few days I found myself asking questions like:

  • Why is Playwright installed?
  • When did I pull this Docker image?
  • Which project cloned this repository?
  • Did Hermes install this, or did I?

Unlike source code, there's no history for changes an AI agent makes to your development environment.

The Problem

When we write code, we have Git.

Every change is recorded.

We can inspect it, review it, and revert it.

When AI agents execute commands on our machines, that history mostly disappears.

Sure, you can search your shell history, but it quickly becomes noisy and doesn't answer questions like:

  • Which session installed this package?
  • Which task cloned this repository?
  • What did the agent actually change?

As AI agents become more autonomous, I think visibility into their actions becomes increasingly important.

A Small Experiment

Instead of trying to build rollback, approvals, or policy enforcement, I wanted to answer a much simpler question:

Can I just keep a history of everything the agent installs?

So I built Agent Install Monitor.

It's a small open-source plugin for Hermes Agent that records installation activity performed through Hermes' terminal tool.

Today it tracks things like:

  • Package installs (npm, pnpm, pip, uv, brew, apt, cargo, etc.)
  • Docker pulls and runs
  • Git clones
  • Service starts
  • Other common environment setup actions

Everything is stored locally in SQLite.

No telemetry.

No cloud service.

No accounts.

Example

After asking Hermes to build a project, I can simply run:

agent-monitor history
Enter fullscreen mode Exit fullscreen mode

and see something like:

Hermes Session #12

Packages
✓ playwright
✓ openai

Containers
✓ postgres:16

Repositories
✓ microsoft/playwright

Services
✓ docker
Enter fullscreen mode Exit fullscreen mode

It's intentionally simple.

The plugin doesn't uninstall anything.

It doesn't modify Hermes' behavior.

It doesn't try to secure your machine.

Its only job is to answer:

What did my AI agent install?

Installation

The project is open source, and I'd love to hear what you think.

GitHub: https://github.com/swytchcodehq/agent-install-monitor

Run the installer and it finds Hermes's own venv, installs into it (not your
shell's Python, which wouldn't be discoverable as a plugin), enables the
plugin, and offers to put agent-monitor on your $PATH. Safe to re-run.

macOS / Linux / WSL

curl -fsSL https://raw.githubusercontent.com/swytchcodehq/agent-install-monitor/main/install.py | python3
Enter fullscreen mode Exit fullscreen mode

Windows (PowerShell)

irm https://raw.githubusercontent.com/swytchcodehq/agent-install-monitor/main/install.py | python -
Enter fullscreen mode Exit fullscreen mode

Usage

Just use Hermes normally. Afterwards, in a regular terminal:

agent-monitor history          # most recent session
agent-monitor sessions         # list all recorded sessions
agent-monitor session <id>     # a specific session
agent-monitor export [--session ID] [--format json|csv]
Enter fullscreen mode Exit fullscreen mode

Data lives in $HERMES_HOME/agent-monitor/monitor.db (default
~/.hermes/agent-monitor/monitor.db). Nothing leaves your machine.

Supported Installations

Category Commands
Package managers npm, pnpm, yarn, pip, uv, poetry, cargo, go, brew, apt, dnf, apk, gem, composer, dotnet, nuget, choco, winget, scoop
Containers docker/podman pull, docker/podman run, docker compose up
Git git clone, git submodule add/update
Runtimes npx, uvx, cargo run, go run
Services systemctl start, brew services start, service start
Databases createdb, CREATE DATABASE (creation only)
Installer downloads curl/wget fetching .sh/.exe/.pkg/.dmg/.deb/.rpm/.appimage/.msi

Detection is a best-effort command-string match, not a security boundary.

Why Start Here?

I intentionally kept the scope small.

There are lots of interesting ideas you could build on top of this:

  • Rollback
  • Session replay
  • Audit logs
  • Policy enforcement
  • Human approvals

But I wanted to validate whether developers even cared about the visibility problem before building those features.

Sometimes the simplest tool is enough.

Looking Ahead

Hermes is the first supported agent because it's open source and has a great plugin architecture.

I'm curious whether this problem exists across other AI coding agents as well.

If people find it useful, I'd like to explore support for other agents in the future.

I'd Love Your Feedback

If you're using AI coding agents regularly:

  • Do you ever lose track of what they've installed?
  • Is installation history useful, or is shell history enough?
  • What installation actions should a tool like this detect?

Top comments (0)