Over the past few weeks I've been experimenting with AI coding agents, especially Hermes Agent.
One thing became obvious very quickly, AI agents are incredibly good at getting things done—but they also leave a surprising amount of stuff behind.
A single prompt can result in commands like:
npm installpip installbrew installdocker pullgit clonenpx playwright install
At first this doesn't seem like a problem.
But after a few days I found myself asking questions like:
- Why is Playwright installed?
- When did I pull this Docker image?
- Which project cloned this repository?
- Did Hermes install this, or did I?
Unlike source code, there's no history for changes an AI agent makes to your development environment.
The Problem
When we write code, we have Git.
Every change is recorded.
We can inspect it, review it, and revert it.
When AI agents execute commands on our machines, that history mostly disappears.
Sure, you can search your shell history, but it quickly becomes noisy and doesn't answer questions like:
- Which session installed this package?
- Which task cloned this repository?
- What did the agent actually change?
As AI agents become more autonomous, I think visibility into their actions becomes increasingly important.
A Small Experiment
Instead of trying to build rollback, approvals, or policy enforcement, I wanted to answer a much simpler question:
Can I just keep a history of everything the agent installs?
So I built Agent Install Monitor.
It's a small open-source plugin for Hermes Agent that records installation activity performed through Hermes' terminal tool.
Today it tracks things like:
- Package installs (
npm,pnpm,pip,uv,brew,apt,cargo, etc.) - Docker pulls and runs
- Git clones
- Service starts
- Other common environment setup actions
Everything is stored locally in SQLite.
No telemetry.
No cloud service.
No accounts.
Example
After asking Hermes to build a project, I can simply run:
agent-monitor history
and see something like:
Hermes Session #12
Packages
✓ playwright
✓ openai
Containers
✓ postgres:16
Repositories
✓ microsoft/playwright
Services
✓ docker
It's intentionally simple.
The plugin doesn't uninstall anything.
It doesn't modify Hermes' behavior.
It doesn't try to secure your machine.
Its only job is to answer:
What did my AI agent install?
Installation
The project is open source, and I'd love to hear what you think.
GitHub: https://github.com/swytchcodehq/agent-install-monitor
Run the installer and it finds Hermes's own venv, installs into it (not your
shell's Python, which wouldn't be discoverable as a plugin), enables the
plugin, and offers to put agent-monitor on your $PATH. Safe to re-run.
macOS / Linux / WSL
curl -fsSL https://raw.githubusercontent.com/swytchcodehq/agent-install-monitor/main/install.py | python3
Windows (PowerShell)
irm https://raw.githubusercontent.com/swytchcodehq/agent-install-monitor/main/install.py | python -
Usage
Just use Hermes normally. Afterwards, in a regular terminal:
agent-monitor history # most recent session
agent-monitor sessions # list all recorded sessions
agent-monitor session <id> # a specific session
agent-monitor export [--session ID] [--format json|csv]
Data lives in $HERMES_HOME/agent-monitor/monitor.db (default
~/.hermes/agent-monitor/monitor.db). Nothing leaves your machine.
Supported Installations
| Category | Commands |
|---|---|
| Package managers |
npm, pnpm, yarn, pip, uv, poetry, cargo, go, brew, apt, dnf, apk, gem, composer, dotnet, nuget, choco, winget, scoop
|
| Containers |
docker/podman pull, docker/podman run, docker compose up
|
| Git |
git clone, git submodule add/update
|
| Runtimes |
npx, uvx, cargo run, go run
|
| Services |
systemctl start, brew services start, service start
|
| Databases |
createdb, CREATE DATABASE (creation only) |
| Installer downloads |
curl/wget fetching .sh/.exe/.pkg/.dmg/.deb/.rpm/.appimage/.msi
|
Detection is a best-effort command-string match, not a security boundary.
Why Start Here?
I intentionally kept the scope small.
There are lots of interesting ideas you could build on top of this:
- Rollback
- Session replay
- Audit logs
- Policy enforcement
- Human approvals
But I wanted to validate whether developers even cared about the visibility problem before building those features.
Sometimes the simplest tool is enough.
Looking Ahead
Hermes is the first supported agent because it's open source and has a great plugin architecture.
I'm curious whether this problem exists across other AI coding agents as well.
If people find it useful, I'd like to explore support for other agents in the future.
I'd Love Your Feedback
If you're using AI coding agents regularly:
- Do you ever lose track of what they've installed?
- Is installation history useful, or is shell history enough?
- What installation actions should a tool like this detect?
Top comments (0)