INITIALIZING SYSTEMS...

[ OK ] Loading policy engine

[ OK ] Mounting audit logger

[ OK ] Connecting process watcher

01 >> AI OBSERVABILITY [ARMED]

02 >> AGENT OVERSIGHT [ARMED]

03 >> POLICY ENGINE [ARMED]

04 >> AUDIT TRAIL [ARMED]

OPENSIGIL.ORG v0.1.0-alpha

READY

Local-first · Open source · Zero telemetry

Govern your agents
before they act

Monitor what your agents are doing, set rules they can't break, and maintain a complete audit trail across providers.

$npm i -g opensigil
View on GitHub
v0.1.0 stable
MIT License
Node ≥ 18

Live Demo

From install to oversight in seconds

OpenSigil runs locally on your machine. No cloud. No accounts. Just install and start watching.

opensigil — zsh
daemon active

Features

Everything you need to govern agents

OpenSigil gives you full visibility and control over every AI agent running on your machine.

AI Observability

See every tool call, file read/write, shell command, and API request your agents make — in real time.

[09:14:02] READ src/index.ts
[09:14:03] WRITE src/index.ts
[09:14:05] EXEC npm install
[09:14:07] HTTP GET api.openai.com

Agent Oversight

Monitor active agent sessions across Claude Code, Codex CLI, and any MCP-based agent on your machine.

Sessions: 2 active
├─ claude PID 4821 ▲ running
└─ codex PID 5120 ▲ running
Status: ⛔ BLOCKED rm -rf

Policy Engine

Define rules your agents must follow. Block dangerous commands, restrict network access, protect sensitive paths.

# .opensigil/policy.json
{
"rules": [
{ "deny": "exec:rm -rf" },
{ "deny": "http:*.unknown.io" },
{ "allow": "read:src/**" }
]
}

Audit Trail

Every agent action is logged to a tamper-evident JSONL file. Replay sessions, investigate incidents.

{"ts":"09:14:02","type":"read",
"agent":"claude","path":"src/api.ts"}
{"ts":"09:14:09","type":"exec",
"agent":"claude","cmd":"rm -rf /tmp",
"blocked":true,"policy":"no-delete"}

How It Works

From install to oversight in 4 steps

OpenSigil runs entirely on your machine. Setup takes under a minute.

01

Install the CLI

One command. OpenSigil installs globally and runs locally. No cloud, no accounts, no data leaves your machine.

$npm i -g opensigil
02

Initialize your project

Run init to create a policy config in your project. Choose from preset rulesets or write your own rules.

$opensigil init
03

Start the daemon

The daemon watches for AI agent processes and intercepts their actions in real time using process monitoring.

$opensigil start
04

Watch & audit

Live feed of every agent action. Violations are blocked instantly. All events are logged to a JSONL audit trail.

$opensigil watch

Compatibility

Works with every AI agent

OpenSigil uses process-level monitoring — no SDK integration required. If it runs on your machine, OpenSigil can watch it.

Claude Code· Anthropic
Codex CLI· OpenAI
OpenClaw· Open Source
MCP Agents· Any Provider
Gemini CLI· Google
Cursor· Anysphere
+ any process

How detection works

1

Process scan

Daemon polls running processes every 2s using ps-list

2

Pattern match

Matches known agent signatures: claude, codex, openclaw...

3

Policy enforce

Intercepts syscalls and enforces your ruleset in real time

Open source · Free forever · MIT License

Start governing your agents today

Install in seconds. No signup. No cloud. Your agents, your rules, your machine.

$npm i -g opensigil
Star on GitHub
npm i -g opensigil
v0.1.0
MIT License