Quick update on AgentGuard since my last post.
A few days ago I shared a tool I built because I kept finding that Claude Code was modifying files I didn't expect while I was away from the machine. Today I pushed 0.3.0 with some meaningful additions.
What's new:
A macOS menu bar app. Click the shield icon and you get a popup showing daemon status, which directories are being watched, and the last 5 file events. Start/stop the daemon from there too.
Telegram approve/deny buttons. When a sensitive file changes (.env, keys, CI configs, agent memory files), you get a Telegram message with ✅ Keep and ↩️ Rollback buttons. Works while you're away from the machine — the whole reason I built this.
macOS system notifications for HIGH and CRITICAL events.
Agent memory files now monitored — CLAUDE.md, .cursorrules, .hermes/, aider configs. These are persistent instructions that survive between sessions and could be poisoned.
A daily report command: agentguard daemon report --days=7
npm install -g agentguard-dev
agentguard init
For the menu bar app:
cd "$(npm root -g)/agentguard-dev/tray" && npm install
agentguard tray
Still honest about limitations: file watcher is the primary defense — real-time command interception doesn't work reliably with Codex (Rust binary) or Copilot CLI (TUI). Claude Code is the best-supported agent.
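To illustrate the file-watcher approach described above, here is an added example (not AgentGuard's own code) that compares two hash snapshots of a project and reports changes only for the file classes the post lists. The path patterns, the severity assigned to each class, and the sample file contents are assumptions constructed for this sketch.

```javascript
const crypto = require("node:crypto");

// Path patterns for the file classes named in the post. The severity labels
// are an assumption of this example, not AgentGuard's actual mapping.
const RULES = [
  { kind: "agent-memory", severity: "CRITICAL",
    re: /(^|\/)(CLAUDE\.md|\.cursorrules|\.aider\.conf\.yml)$|(^|\/)\.hermes\// },
  { kind: "secret", severity: "CRITICAL",
    re: /(^|\/)\.env(\.[\w.-]+)?$|\.(pem|key)$|(^|\/)id_(rsa|ed25519)$/ },
  { kind: "ci-config", severity: "HIGH",
    re: /(^|\/)\.github\/workflows\/[^/]+\.ya?ml$|(^|\/)\.gitlab-ci\.yml$/ },
];

function classify(path) {
  const p = path.replace(/\\/g, "/"); // normalise Windows separators
  const rule = RULES.find((r) => r.re.test(p));
  return rule ? { kind: rule.kind, severity: rule.severity } : null;
}

const sha256 = (data) => crypto.createHash("sha256").update(data).digest("hex");

// Snapshot: Map of path -> content hash, built from a {path: content} object.
function snapshot(files) {
  return new Map(Object.entries(files).map(([p, c]) => [p, sha256(c)]));
}

// Compare two snapshots; emit events only for sensitive paths whose hash changed.
function diffSensitive(before, after) {
  const events = [];
  for (const p of new Set([...before.keys(), ...after.keys()])) {
    const cls = classify(p);
    if (!cls) continue; // ordinary source files are ignored here
    const a = before.get(p), b = after.get(p);
    if (a === b) continue;
    const change = a === undefined ? "created" : b === undefined ? "deleted" : "modified";
    events.push({ path: p, change, ...cls });
  }
  return events.sort((x, y) => (x.path < y.path ? -1 : 1));
}

// Constructed sample: project state before and after an unattended agent session.
const baseline = snapshot({ "CLAUDE.md": "Run tests before commit.\n",
  ".env": "API_KEY=placeholder\n", "src/app.js": "console.log(1)\n" });
const current = snapshot({ "CLAUDE.md": "Run tests before commit.\nSkip review.\n",
  ".github/workflows/ci.yml": "on: push\n", "src/app.js": "console.log(2)\n" });
const sampleEvents = diffSensitive(baseline, current);
console.log(sampleEvents);
```

Keeping the baseline contents alongside the hashes is what would make a rollback possible; this sketch only detects and classifies the change.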
Nobody has really tested this except me. If you use Claude Code or any CLI agent and want to try it, I'd genuinely appreciate feedback — brutal honesty welcome.
GitHub: github.com/Osva2023/AgentGuard
Leave questions or help in the comments if you prefer. Thanks.