Dev ditches sandboxing Claude Code, builds a local flight recorder instead

Trying to make like Claude Code, Cursor, Codex, and Antigravity 'safe' with deny lists and blocking modes didn't work, since hooks still run with the same permissions as the user. So instead of blocking actions, this tool called Agentmetry logs every single tool call the agent makes, in order, to a local file you control. It writes JSONL logs (so entries can't be silently altered) tagged with MITRE categories and hashes of the arguments used.

It also flags risky sequences of actions — for example, reading a secret key followed by sending data out over the network — as critical alerts. Logs can optionally be forwarded to log analysis systems like Loki, Elastic, or Splunk. It's built with Python FastAPI and a Next.js dashboard, released under the .

The creator is upfront that this detects and observes rather than prevents attacks, and that it currently maps to two known attack patterns rather than blocking anything outright. It can be tried in about 30 seconds by cloning the repo and running a demo script, with no API key or server required.

Key points

  • Hooks into Claude Code, Cursor, Codex, and Antigravity to capture tool calls
  • Logs are JSONL files stored locally, so tampering is detectable
  • Flags risky action sequences (e.g. reading a key then sending data over the network) as critical
  • Can forward logs to Loki, Elastic, or Splunk
  • Explicitly detects/observes rather than blocks attacks, and is still in alpha
Read original