I built Hawkeye — an open-source observability and security layer that sits between you and your AI agent:
- Session recording — captures every command, file edit, and LLM call with costs and timestamps
- DriftDetect — real-time drift scoring using heuristics (zero-cost) + optional local LLM via Ollama. Detects dangerous commands, suspicious file access, error loops, token burn without progress
- Auto-pause — when drift score goes critical, the session is frozen until you review
- Guardrails — file protection (glob patterns), command blocking (regex), cost/token limits, directory scoping, network restrictions, human approval gates
- Web dashboard — session replay, drift charts, remote task submission from your phone via Cloudflare tunnel
- MCP server — 27 tools so the agent can self-monitor its own drift score, check guardrails before acting, and log decisions
One challenge I'd love input on: token/cost tracking is a black box for agents like Claude Code that don't expose usage in their hooks. I'm estimating from text length but it's inaccurate. Curious how others approach this.
One challenge I'd love input on: token/cost tracking is a black box for agents like Claude Code that don't expose usage in their hooks. I'm estimating from text length but it's inaccurate. Curious how others approach this.